{"id":349565,"date":"2021-08-06T12:01:49","date_gmt":"2021-08-06T11:01:49","guid":{"rendered":"https:\/\/www.comparitech.com\/?p=349565"},"modified":"2024-11-14T12:33:08","modified_gmt":"2024-11-14T12:33:08","slug":"sqlmap-cheat-sheet","status":"publish","type":"post","link":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/","title":{"rendered":"sqlmap Cheat Sheet"},"content":{"rendered":"<p><a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-350833\" src=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg\" alt=\"sqlmap Cheat Sheet\" width=\"1200\" height=\"600\" srcset=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg 1200w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1-300x150.jpg 300w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1-1024x512.jpg 1024w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1-768x384.jpg 768w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noopener\"><strong>SQLMap<\/strong><\/a> is a free tool that checks on <b>database vulnerabilities<\/b>. If you run a website, you\u2019re vulnerable to a range of SQL-based hacker attacks that can compromise the database that lies behind many site functions. If hackers can break into your network and infect an endpoint, they can also use SQL injection techniques to compromise those databases that support <b>back-office functions<\/b>.<\/p>\n<p><a href=\"https:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-441985\" src=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap.jpg\" alt=\"sqlmap\" width=\"730\" height=\"368\" srcset=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap.jpg 730w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap-300x151.jpg 300w\" sizes=\"auto, (max-width: 730px) 100vw, 730px\" \/><\/a><\/p>\n<p>Your database lies at the heart of your business information system. It drives data sharing in ERP systems and stores <b>sensitive data<\/b>, such as customer records and turnover information. To fully understand potential vulnerability in this area, you need to know what an SQL injection attack is.<\/p>\n<h2>What is an SQL Injection Attack?<\/h2>\n<p>SQL Injection (SQLi) is a type of cyberattack where malicious actors exploit vulnerabilities in an application&#8217;s database query process. By injecting specially crafted SQL statements into input fields (such as login forms or search bars), attackers can manipulate the database and execute unauthorized actions. These actions might include retrieving, modifying, or even deleting sensitive data.<\/p>\n<h2>How SQL Injection Works<\/h2>\n<p>SQL injection occurs when user input is directly incorporated into SQL queries without proper validation or sanitization. For example, consider a login form that uses the following query to authenticate users:<\/p>\n<div class=\"ctech-content-on-bk  \"><\/p>\n<p>SELECT * FROM users WHERE username = &#8216;user_input&#8217; AND password = &#8216;user_input&#8217;;<\/p>\n<p>If the application doesn&#8217;t sanitize input, an attacker could enter user_input like this:<br \/>\n&#8216; OR &#8216;1&#8217;=&#8217;1<\/p>\n<p>The resulting query becomes:<br \/>\nSELECT * FROM users WHERE username = &#8221; OR &#8216;1&#8217;=&#8217;1&#8242; AND password = &#8221; OR &#8216;1&#8217;=&#8217;1&#8242;;<\/p>\n<p><\/div>\n<p>This query always evaluates to true, allowing unauthorized access.<\/p>\n<h2>Consequences of SQL Injection<\/h2>\n<p>SQL injection can have severe consequences, such as:<\/p>\n<ul>\n<li><strong>Data Theft:<\/strong> Attackers can retrieve sensitive information, including personal data, credentials, and financial details.<\/li>\n<li><strong>Data Manipulation:<\/strong> Malicious users can alter or delete data, disrupting business operations.<\/li>\n<li><strong>System Takeover:<\/strong> In some cases, attackers can gain administrative privileges, compromising the entire system.<\/li>\n<\/ul>\n<h2>Preventing SQL Injection<\/h2>\n<p>To protect against SQL injection, developers should:<\/p>\n<ul>\n<li>Use prepared statements and parameterized queries.<\/li>\n<li>Validate and sanitize all user inputs.<\/li>\n<li>Implement least privilege principles for database access.<\/li>\n<li>Regularly update and patch database management systems and applications.<\/li>\n<\/ul>\n<p>By following these practices, organizations can significantly reduce their risk of SQL injection attacks.<\/p>\n<p><strong>See also<\/strong>: <a href=\"https:\/\/www.comparitech.com\/net-admin\/sql-server-monitoring-tools\/\" target=\"_blank\" rel=\"noopener\">Best SQL Server Monitoring Tools<\/a><\/p>\n<h2><b>Classifying SQL injection attacks<\/b><\/h2>\n<figure id=\"attachment_441987\" aria-describedby=\"caption-attachment-441987\" style=\"width: 1401px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/OWASP-Top-10.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-441987\" src=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/OWASP-Top-10.jpg\" alt=\"OWASP Top 10\" width=\"1401\" height=\"384\" srcset=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/OWASP-Top-10.jpg 1401w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/OWASP-Top-10-300x82.jpg 300w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/OWASP-Top-10-1024x281.jpg 1024w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/OWASP-Top-10-768x211.jpg 768w\" sizes=\"auto, (max-width: 1401px) 100vw, 1401px\" \/><\/a><figcaption id=\"caption-attachment-441987\" class=\"wp-caption-text\">OWASP Top 10<\/figcaption><\/figure>\n<p>The <b>Open Web Application Security Project<\/b> (OOWASP Top 10WASP) creates a list of the top 10 system vulnerabilities that is regarded as the definitive list of weaknesses to look for. Vulnerability scanners promise to check for the <b>OWASP Top 10<\/b>. SQL Injection is the top threat listed by OWASP. The organization breaks that category down into four types.<\/p>\n<ul>\n<li>Classic SQL Injection<\/li>\n<li>Blind or Inference SQL Injection<\/li>\n<li>DBMS-specific SQL Injection<\/li>\n<li>Compounded SQL Injection<\/li>\n<\/ul>\n<p>These categories are broken down further by the industry. A Classic SQL Injection attack is also known as an <b>In-band attack<\/b>. This category includes two possible methods \u2013 Error-based SQLI and Union-based SQLI.<\/p>\n<p>Compound SQL Injection attacks add on another type of hacker attack to the SQL Injection activity. These are:<\/p>\n<ul>\n<li>Authentication attacks<\/li>\n<li>DDoS attacks<\/li>\n<li>DNS hijacking<\/li>\n<li>Cross-site scripting (XSS)<\/li>\n<\/ul>\n<p>In the interests of brevity in this guide \u2013 which is focused on <b>sqlmap<\/b> \u2013 the definition of these attack strategies will not be covered here.<\/p>\n<h2><b>Checking for SQL injection vulnerabilities<\/b><\/h2>\n<p>SQLMap enables you to try out the types of attacks that hackers implement on databases. This lets you see whether or not your systems are <b>protected against attack<\/b>.<\/p>\n<p>Hackers are constantly inventing new attack strategies. However, the ways relational databases and SQL operate mean that there are only so many types of attacks that will work. In other words, new attacks are always <b>variations on a theme<\/b>. If you have a tool that can ensure protection against generic categories of attack, you can be sure that you have uncovered all possible vulnerabilities.<\/p>\n<figure id=\"attachment_441988\" aria-describedby=\"caption-attachment-441988\" style=\"width: 687px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap-demo.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-441988 size-full\" src=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap-demo.jpg\" alt=\"sqlmap demo\" width=\"687\" height=\"574\" srcset=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap-demo.jpg 687w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/08\/sqlmap-demo-300x251.jpg 300w\" sizes=\"auto, (max-width: 687px) 100vw, 687px\" \/><\/a><figcaption id=\"caption-attachment-441988\" class=\"wp-caption-text\">SQLMap Demo<\/figcaption><\/figure>\n<p>A sqlmap check attempts an attack in each of a number of categories \u2013 there are six in total. If one of these attacks <b>succeeds<\/b>, you know that you have a serious problem and part of the interface that fronts your database needs to be re-written to block that attack.<\/p>\n<p>The types of attacks that sqlmap attempts are:<\/p>\n<ul>\n<li>Boolean-based blind SQL injection<\/li>\n<li>Time-based blind SQL injection<\/li>\n<li>Error-based SQL injection<\/li>\n<li>Union-based SQL injection<\/li>\n<li>Stacked queries<\/li>\n<li>Out-of-band attacks<\/li>\n<\/ul>\n<p>The definitions used by the sqlmap developers don\u2019t map exactly to the categories used by OWASP. The list includes both types of <b>Classic SQL injection<\/b> and both types of <b>Blind SQL injection<\/b>.<\/p>\n<p>The stacked queries attack strategy performed by sqlmap should cover what OWASP terms <b>DBMS-specific attacks<\/b>. The Combined attack category of OWASP isn\u2019t relevant to the SQL Injection-focused sqlmap detection system.<\/p>\n<p>Logically, if you can ensure that your system isn\u2019t vulnerable to an SQL injection attack, it automatically won\u2019t be vulnerable to a combined attack. However, you should use other <b>pen testing tools<\/b> to check whether your site is vulnerable to DDoS attacks, XSS, or DNS hijacking. All systems are permanently liable to authentication attacks \u2013 you need to ensure a secure identity and access management strategy in order to protect your business from the threat of <b>authentication cracking<\/b>.<\/p>\n<p>The sqlmap system checks work with the following DBMSs:<\/p>\n<div class=\"ctech-tablepress-outer-wrapper\">\n<table id=\"tablepress-1966\" class=\"tablepress tablepress-id-1966\">\n<tbody class=\"row-striping row-hover\">\n<tr class=\"row-1\">\n\t<td class=\"column-1\">MySQL<\/td><td class=\"column-2\">Microsoft SQL Server<\/td><td class=\"column-3\">Microsoft Access<\/td><td class=\"column-4\">MariaDB<\/td>\n<\/tr>\n<tr class=\"row-2\">\n\t<td class=\"column-1\">Oracle<\/td><td class=\"column-2\">PostgreSQL\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/td><td class=\"column-3\">IBM DB2<\/td><td class=\"column-4\">SQLite<\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\">Firebird<\/td><td class=\"column-2\">Sybase<\/td><td class=\"column-3\">SAP MaxDB<\/td><td class=\"column-4\">Informix<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\">MemSQL<\/td><td class=\"column-2\">TiDB<\/td><td class=\"column-3\">CockroachDB<\/td><td class=\"column-4\">HSQLDB<\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\">H2<\/td><td class=\"column-2\">MonetDB<\/td><td class=\"column-3\">Apache Derby<\/td><td class=\"column-4\">Apache Ignite<\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\">Amazon Redshift<\/td><td class=\"column-2\">Vertica<\/td><td class=\"column-3\">Mckoi<\/td><td class=\"column-4\">Presto<\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\">Altibase<\/td><td class=\"column-2\">MimerSQL<\/td><td class=\"column-3\">CrateDB<\/td><td class=\"column-4\">Greenplum<\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\">Drizzle<\/td><td class=\"column-2\">Cubrid<\/td><td class=\"column-3\">InterSystems Cache<\/td><td class=\"column-4\">IRIS<\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\">eXtremeDB<\/td><td class=\"column-2\">FrontBase<\/td><td class=\"column-3\">YugabyteDB<\/td><td class=\"column-4\">Virtuoso<\/td>\n<\/tr>\n<tr class=\"row-10\">\n\t<td class=\"column-1\">Raima Database Manager<\/td><td class=\"column-2\"><\/td><td class=\"column-3\"><\/td><td class=\"column-4\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2><b>System requirements for sqlmap<\/b><\/h2>\n<p>You can install sqlmap on <b>Windows<\/b>, <b>macOS<\/b>, and <b>Linux<\/b>.<\/p>\n<p>The sqlmap system is written in Python, so you have to install <b>Python 2.6<\/b> or later on your computer in order to run sqlmap. The current version as at July 2021 is 3.9.<\/p>\n<p>To find out whether you have Python installed, on Windows open a command prompt and enter <b>python &#8211;version<\/b>. If you don\u2019t have Python, you will see a message telling you to type python again without parameters. Type <b>python<\/b> and this will open up the Microsoft Store with the Python package set up to download. Click on the <b>Get<\/b> button and follow installation instructions.<\/p>\n<p>If you have macOS type <b>python &#8211;version<\/b>. If you get an error message, enter the following commands:<\/p>\n<pre><code>$ xcode-select --install\r\n$ ruby -e \"$(curl -fsSL https:\/\/raw.githubusercontent.com\/Homebrew\/install\/master\/install)\"\r\n$ brew install python3<\/code><\/pre>\n<p>In those lines, the <b>$<\/b> represents the system prompt \u2013 don\u2019t type that in.<\/p>\n<p>If you have Linux, you will already have Python installed.<\/p>\n<h2><b>Install sqlmap<\/b><\/h2>\n<div class=\"ctech-content-on-bk  with-ol\"><\/p>\n<p>To install sqlmap:<\/p>\n<ol>\n<li>Go to the website for the sqlmap project at <a href=\"https:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noopener\">sqlmap.org<\/a>.<\/li>\n<li>If you have Windows, click on the <b>Download .zip<\/b> file button. If you have macOS or Linux, click on the <b>Download .tar.gz<\/b> file button.<\/li>\n<li>Unpack the compressed file.<\/li>\n<\/ol>\n<p><\/div>\n<p>Your system will automatically name the directory the same as the compressed file. However, this is a very long name, so opt to have the new directory called just sqlmap. It doesn\u2019t matter where on your computer you create that directory.<\/p>\n<h2><b>Running sqlmap<\/b><\/h2>\n<p>The sqlmap system is a command-line utility. There isn\u2019t a GUI interface for it. So, go to the command line on your computer to use sqlmap. Change to the sqlmap directory that you created in order to run the utility. You do not have to compile any program.<\/p>\n<p>The program that you run in order to use sqlmap is called sqlmap.py. It will not run unless you add an option to the end of the program name.<\/p>\n<h3>The options for sqlmap are:<\/h3>\n<div class=\"ctech-tablepress-outer-wrapper\">\n<table id=\"tablepress-1978\" class=\"tablepress tablepress-id-1978\">\n<tbody class=\"row-hover\">\n<tr class=\"row-1\">\n\t<td class=\"column-1\"><p>-u URL<\/p><br \/>\n<\/td><td class=\"column-2\"><p>The target URL<\/p><br \/>\n<p><strong>Format:<\/strong> -u \"http:\/\/www.target.com\/path\/file.htm?variable=1\"<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-2\">\n\t<td class=\"column-1\"><p>-d DIRECT<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Connection string for direct database connection<\/p><br \/>\n<p><strong>Format:<\/strong> -d DBMS:\/\/DATABASE_FILEPATH <strong><em>or<\/em><\/strong><\/p><br \/>\n<p>-d DBMS:\/\/USER:PASSWORD@DBMS_IP:DBMS_PORT\/DATABASE_NAME<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\"><p>-l LOGFILE<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Parse target(s) from Burp or WebScarab proxy log file<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\"><p>-m BULKFILE<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Scan multiple targets given in a textual file<\/p><br \/>\n<p><strong>Format:<\/strong> The file should contain a URL per line<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\"><p>-r REQUESTFILE<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Load HTTP request from a file<\/p><br \/>\n<p><strong>Format:<\/strong> The file can contain an HTTP or an HTTPS transaction<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\"><p>-g GOOGLEDORK<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Process Google dork results as target URLs<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\"><p>-c CONFIGFILE<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Load options from a configuration INI file<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\"><p>--wizard<\/p><br \/>\n<\/td><td class=\"column-2\"><p>A guided execution service<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\"><p>--update<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Update sqlmap to the latest version<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-10\">\n\t<td class=\"column-1\"><p>--purge<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Clear out the sqlmap data folder<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-11\">\n\t<td class=\"column-1\"><p>--purge-output<\/p><br \/>\n<\/td><td class=\"column-2\"><p>As above<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-12\">\n\t<td class=\"column-1\"><p>--dependencies<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Check for missing sqlmap dependencies<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-13\">\n\t<td class=\"column-1\"><p>-h<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Basic help<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-14\">\n\t<td class=\"column-1\"><p>-hh<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Advanced help<\/p><br \/>\n<\/td>\n<\/tr>\n<tr class=\"row-15\">\n\t<td class=\"column-1\"><p>-- version<\/p><br \/>\n<\/td><td class=\"column-2\"><p>Show the version number<\/p><br \/>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>You can\u2019t run sqlmap without one of those options. There are <b>many other options<\/b> and it is often necessary to string several options in sequence on a command line.<\/p>\n<p>A full attack requires so many options and inputs that it is easier to put all of those options in a file and then call the file instead of typing them all in. In this scenario, it is a convention to store all of the options in <b>a text file<\/b> with the extension .INI. You would include this list of options in the command line with the -c option followed by the file name. This method cuts out repeating typing in the whole long command over and over again to account for spelling mistakes or format errors.<\/p>\n<h2><b>More sqlmap options<\/b><\/h2>\n<p>There are many other switches that you can add to a <b>sqlmap <\/b>command. Option parameters that are character-based should be enclosed in double-quotes (\u201c \u201c), numerical parameters should not be quoted.<\/p>\n<p>In the interests of brevity within this guide, we have presented all of these in a PDF file:<\/p>\n<p><a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-350831 size-full\" src=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet.jpg\" alt=\"sqlmap Cheat Sheet\" width=\"1581\" height=\"1261\" srcset=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet.jpg 1581w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-300x239.jpg 300w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1024x817.jpg 1024w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-768x613.jpg 768w, https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1536x1225.jpg 1536w\" sizes=\"auto, (max-width: 1581px) 100vw, 1581px\" \/><\/a><\/p>\n<p>Click on the image above to open the full <a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet.jpg\" target=\"_blank\" rel=\"noopener\"><b>sqlmap Cheat Sheet<\/b>\u00a0<strong>JPG<\/strong><\/a> in a new window, or <a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet.pdf\" target=\"_blank\" rel=\"noopener\"><strong>click here to download the sqlmap Cheat Sheet <\/strong><strong>PDF<\/strong><\/a>.<\/p>\n<h2><b>Running an SQL injection attack scan with sqlmap<\/b><\/h2>\n<p>The large number of options available for sqlmap is daunting. There are too many options to comb through in order to work out how to form an SQL injection attack. The best way to acquire the knowledge of how to perform the different types of attacks is to <b>learn by example<\/b>.<\/p>\n<p>To experience how a sqlmap test system proceeds, try the following test run, substituting the URL of your site for the marker &lt;URL&gt;. You need to include the schema on the front of the URL (http or https).<\/p>\n<pre><code>$ sqlmap.py -u \u201c&lt;URL&gt;\u201d --batch --banner<\/code><\/pre>\n<p>This command will trigger a run-through of all of the sqlmap procedures, offering you options over the test as it proceeds.<\/p>\n<p>The system will show <b>the start time<\/b> of the test. Each report line includes the time that each test completed.<\/p>\n<p>The sqlmap service will <b>test the connection<\/b> to the Web server and then scan various aspects of the site. These attributes include the site\u2019s default character set, a check for the presence of <b>defense systems<\/b>, such as a Web application firewall or intrusion detection systems.<\/p>\n<p>The next phase of the test identifies the DBMS used for the site. It will attempt <b>a series of attacks<\/b> to probe the vulnerability of the site\u2019s database. These are:<\/p>\n<ul>\n<li>A GET input attack \u2013 this identifies the susceptibility to Classic SQLI and XSS attacks<\/li>\n<li>DBMS-specific attacks<\/li>\n<li>Boolean-based blind SQLI<\/li>\n<li>The system will ask for a level and a risk value. If these are high enough, it will run a time-based blind SQLI<\/li>\n<li>An error-based SQLI attack<\/li>\n<li>A UNION-based SQLI if the level and risk values are high enough<\/li>\n<li>Stacked queries<\/li>\n<\/ul>\n<p>In answer to the banner option used in this run, sqlmap completes its run by fetching <b>the database banner<\/b>. Finally, all extracted data with explanations of their meanings are written to <b>a log file<\/b>.<\/p>\n<p>As you can see, without many options given on the command, the sqlmap system will run through a standard series of attacks and will check with the user for decisions over the depth of the test as the test progresses.<\/p>\n<p>A small change in the command will run the same battery of tests but by using a <b>POST<\/b> as a test method instead of a <b>GET<\/b>.<\/p>\n<p>Try the following command:<\/p>\n<pre><code>$ sqlmap.py -u \u201c&lt;URL&gt;\u201d --data=\u201cid=1\u201d --banner<\/code><\/pre>\n<h2><b>Password cracking with sqlmap<\/b><\/h2>\n<p>A change of just one word in the first command used for the previous section will give you a range of tests to see whether the <b>credentials management system<\/b> of your database has weaknesses.<\/p>\n<p>Enter the following command:<\/p>\n<pre><code>$ sqlmap.py -u \u201c&lt;URL&gt;\u201d --batch --password<\/code><\/pre>\n<p>Again, you need to substitute your site\u2019s URL for the &lt;URL&gt; marker.<\/p>\n<p>When you run this command, sqlmap will initiate a series of tests and give you a number of options along the way.<\/p>\n<p>The sqlmap run will try a time-based blind SQLI and then a UNION-based blind attack. It will then give you the option to store password hashes to a file for analysis with another tool and then gives the opportunity for a dictionary-based attack.<\/p>\n<p>The services will try a series of well-known user account names and cycle through a list of often-used passwords against each candidate username. This is called a \u201c<b>cluster bomb<\/b>\u201d attack. The files suite of sqlmap includes a file of payloads for this attack but you can supply your own file instead.<\/p>\n<p>Whenever sqlmap hits a username and password combination, it will display it. All actions for the run are then written to a log file before the program ends its run.<\/p>\n<h2><b>Get a list of databases on your system and their tables<\/b><\/h2>\n<p>Information is power and hackers first need to know what database instances you have on your system in order to hack into them. You can find out whether this basic information can be easily accessed by <b>intruders <\/b>with the following command:<\/p>\n<pre><code>$ sqlmap.py -u \u201c&lt;URL&gt;\u201d --batch --dbs<\/code><\/pre>\n<p>This test will include time-based, error-based, and UNION-based SQL injection attacks. It will then identify the DBMS brand and then list the database names. The information derived during the test run is then written to a log file as the program terminates.<\/p>\n<p>Investigate a little further and get a list of the tables in one of those databases with the following command.<\/p>\n<pre><code>$ sqlmap.py -u \u201c&lt;URL&gt;\u201d --batch --tables -D &lt;DATABASE&gt;<\/code><\/pre>\n<p>Enter the name of one of the database instances that you got from the list in the first query of this section.<\/p>\n<p>This test batch includes time-based, error-based, and UNION-based SQL injection attacks. It will then list the names of the tables that are in the specified database instance. This data is written to a log file as the program finishes.<\/p>\n<p>Get <b>the contents<\/b> of one of those tables with the following command:<\/p>\n<pre><code>$ sqlmap.py -u \u201c&lt;URL&gt;\u201d --batch --dump -T &lt;TABLE&gt; -D &lt;DATABASE&gt;<\/code><\/pre>\n<p>Substitute the name of one of the tables you discovered for the &lt;TABLE&gt; marker in that command format.<\/p>\n<p>The test will perform a UNION-based SQL injection attack and then query the named table, showing its records on the screen. This information is written to a log file and then the program terminates.<\/p>\n<h2><b>Explore the Cheat Sheet<\/b><\/h2>\n<p>The commands shown in this guide are just the start. Successful execution of these tests will give you the confidence to look through our <a href=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet.pdf\" target=\"_blank\" rel=\"noopener\">sqlmap Cheat Sheet PDF<\/a> and try other SQL injection tests.<\/p>\n<h2>sqlmap FAQs<\/h2>\n<div class=\"ct-faqs\"><div class=\"ct-faq-item\"><h2 class=\"ct-faq-item-q\">What is SQLmap used for?<\/h2><p class=\"ct-faq-item-a\"><p>The sqlmap utility is commonly used for penetration testing. The utility is accessed through a single command but all of the options available for the system create a long list of analytical scans that center around the databases that back websites. The hacker attack technique that sqlmap particularly focuses on is SQL injection.<\/p>\n<\/p><\/div><div class=\"ct-faq-item\"><h2 class=\"ct-faq-item-q\">How much does SQLmap cost?<\/h2><p class=\"ct-faq-item-a\"><p>The sqlmap tool is an open source project and anyone can use the software for free. The software is issued under the GNU General Public License.<\/p>\n<\/p><\/div><div class=\"ct-faq-item\"><h2 class=\"ct-faq-item-q\">Is sqlmap in Linux?<\/h2><p class=\"ct-faq-item-a\"><p>You can install sqlmap on Windows, Linux, and macOS. The tool is included with Kali Linux.<\/p>\n<\/p><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.<\/p>\n","protected":false},"author":73,"featured_media":350833,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":""},"categories":[1233],"tags":[13410,13540,14803,14804,15032],"class_list":["post-349565","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-net-admin","tag-guide","tag-net-admin","tag-sql","tag-sql-guide","tag-sqlmap"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>sqlmap Cheat Sheet: Commands for SQL Injection Attacks + PDF &amp; JPG<\/title>\n<meta name=\"description\" content=\"sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sqlmap Cheat Sheet\" \/>\n<meta property=\"og:description\" content=\"Sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/\" \/>\n<meta property=\"og:site_name\" content=\"Comparitech\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-06T11:01:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stephen Cooper\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Sqlmap Cheat Sheet\" \/>\n<meta name=\"twitter:description\" content=\"Sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.\" \/>\n<meta name=\"twitter:creator\" content=\"@VPN_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stephen Cooper\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/\"},\"author\":{\"name\":\"Stephen Cooper\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/#\\\/schema\\\/person\\\/bc7a18fa32aafd5edf78990a2e6deb8f\"},\"headline\":\"sqlmap Cheat Sheet\",\"datePublished\":\"2021-08-06T11:01:49+00:00\",\"dateModified\":\"2024-11-14T12:33:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/\"},\"wordCount\":2286,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn.comparitech.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/sqlmap-Cheat-Sheet-1.jpg\",\"keywords\":[\"Guide\",\"Net Admin\",\"SQL\",\"SQL Guide\",\"SQLmap\"],\"articleSection\":[\"Net Admin\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/\",\"url\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/\",\"name\":\"sqlmap Cheat Sheet: Commands for SQL Injection Attacks + PDF & JPG\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn.comparitech.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/sqlmap-Cheat-Sheet-1.jpg\",\"datePublished\":\"2021-08-06T11:01:49+00:00\",\"dateModified\":\"2024-11-14T00:00:00Z\",\"author\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/#\\\/schema\\\/person\\\/bc7a18fa32aafd5edf78990a2e6deb8f\"},\"description\":\"sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cdn.comparitech.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/sqlmap-Cheat-Sheet-1.jpg\",\"contentUrl\":\"https:\\\/\\\/cdn.comparitech.com\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/sqlmap-Cheat-Sheet-1.jpg\",\"width\":1200,\"height\":600,\"caption\":\"sqlmap Cheat Sheet\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/net-admin\\\/sqlmap-cheat-sheet\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.comparitech.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"sqlmap Cheat Sheet\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/#website\",\"url\":\"https:\\\/\\\/www.comparitech.com\\\/\",\"name\":\"Comparitech\",\"description\":\"Tech researched, compared and rated\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.comparitech.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.comparitech.com\\\/#\\\/schema\\\/person\\\/bc7a18fa32aafd5edf78990a2e6deb8f\",\"name\":\"Stephen Cooper\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ed444b01257fa5b0ca2781625664f4aac659b71ced9c2250415430b12e873e0a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ed444b01257fa5b0ca2781625664f4aac659b71ced9c2250415430b12e873e0a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ed444b01257fa5b0ca2781625664f4aac659b71ced9c2250415430b12e873e0a?s=96&d=mm&r=g\",\"caption\":\"Stephen Cooper\"},\"description\":\"Stephen Cooper has taken a close interest in online security since his thesis on Internet encryption in the early 90s. That formed part of his BSC (Hons) in Computing and Informatics at the University of Plymouth. In those days, encapsulation techniques were just being formulated and Cooper kept an eye on those methodologies as they evolved into the VPN industry. Cooper went on to study an MSC in Advanced Manufacturing Systems and Kingston University. He also holds an MSc Advanced Security and Digital Forensics from Edinburgh Napier University. Cooper worked as a technical consultant, sitting DBA exams and specializing in Oracle Applications. With a long experience as a programmer, Cooper is able to assess systems by breaking into programs and combing through the code. Knowledge of IT development and operations working practices helps him to focus his reviews on the attributes of software that are really important to IT professionals. After working as an IT consultant across Europe and the USA, he has become adept at explaining complicated technology in everyday terms. He is a people person with an interest in technology\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/VPN_News\"],\"url\":\"https:\\\/\\\/www.comparitech.com\\\/author\\\/stephen-cooper\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"sqlmap Cheat Sheet: Commands for SQL Injection Attacks + PDF & JPG","description":"sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/","og_locale":"en_US","og_type":"article","og_title":"Sqlmap Cheat Sheet","og_description":"Sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.","og_url":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/","og_site_name":"Comparitech","article_published_time":"2021-08-06T11:01:49+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg","type":"image\/jpeg"}],"author":"Stephen Cooper","twitter_card":"summary_large_image","twitter_title":"Sqlmap Cheat Sheet","twitter_description":"Sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.","twitter_creator":"@VPN_News","twitter_misc":{"Written by":"Stephen Cooper","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#article","isPartOf":{"@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/"},"author":{"name":"Stephen Cooper","@id":"https:\/\/www.comparitech.com\/#\/schema\/person\/bc7a18fa32aafd5edf78990a2e6deb8f"},"headline":"sqlmap Cheat Sheet","datePublished":"2021-08-06T11:01:49+00:00","dateModified":"2024-11-14T12:33:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/"},"wordCount":2286,"commentCount":0,"image":{"@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg","keywords":["Guide","Net Admin","SQL","SQL Guide","SQLmap"],"articleSection":["Net Admin"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/","url":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/","name":"sqlmap Cheat Sheet: Commands for SQL Injection Attacks + PDF & JPG","isPartOf":{"@id":"https:\/\/www.comparitech.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#primaryimage"},"image":{"@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg","datePublished":"2021-08-06T11:01:49+00:00","dateModified":"2024-11-14T00:00:00Z","author":{"@id":"https:\/\/www.comparitech.com\/#\/schema\/person\/bc7a18fa32aafd5edf78990a2e6deb8f"},"description":"sqlmap is a penetration testing tool for databases. As databases drive most websites, you need to check out this security tool.","breadcrumb":{"@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#primaryimage","url":"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg","contentUrl":"https:\/\/cdn.comparitech.com\/wp-content\/uploads\/2021\/07\/sqlmap-Cheat-Sheet-1.jpg","width":1200,"height":600,"caption":"sqlmap Cheat Sheet"},{"@type":"BreadcrumbList","@id":"https:\/\/www.comparitech.com\/net-admin\/sqlmap-cheat-sheet\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.comparitech.com\/"},{"@type":"ListItem","position":2,"name":"sqlmap Cheat Sheet"}]},{"@type":"WebSite","@id":"https:\/\/www.comparitech.com\/#website","url":"https:\/\/www.comparitech.com\/","name":"Comparitech","description":"Tech researched, compared and rated","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.comparitech.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.comparitech.com\/#\/schema\/person\/bc7a18fa32aafd5edf78990a2e6deb8f","name":"Stephen Cooper","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ed444b01257fa5b0ca2781625664f4aac659b71ced9c2250415430b12e873e0a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ed444b01257fa5b0ca2781625664f4aac659b71ced9c2250415430b12e873e0a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ed444b01257fa5b0ca2781625664f4aac659b71ced9c2250415430b12e873e0a?s=96&d=mm&r=g","caption":"Stephen Cooper"},"description":"Stephen Cooper has taken a close interest in online security since his thesis on Internet encryption in the early 90s. That formed part of his BSC (Hons) in Computing and Informatics at the University of Plymouth. In those days, encapsulation techniques were just being formulated and Cooper kept an eye on those methodologies as they evolved into the VPN industry. Cooper went on to study an MSC in Advanced Manufacturing Systems and Kingston University. He also holds an MSc Advanced Security and Digital Forensics from Edinburgh Napier University. Cooper worked as a technical consultant, sitting DBA exams and specializing in Oracle Applications. With a long experience as a programmer, Cooper is able to assess systems by breaking into programs and combing through the code. Knowledge of IT development and operations working practices helps him to focus his reviews on the attributes of software that are really important to IT professionals. After working as an IT consultant across Europe and the USA, he has become adept at explaining complicated technology in everyday terms. He is a people person with an interest in technology","sameAs":["https:\/\/x.com\/VPN_News"],"url":"https:\/\/www.comparitech.com\/author\/stephen-cooper\/"}]}},"_links":{"self":[{"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/posts\/349565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/users\/73"}],"replies":[{"embeddable":true,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/comments?post=349565"}],"version-history":[{"count":15,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/posts\/349565\/revisions"}],"predecessor-version":[{"id":493340,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/posts\/349565\/revisions\/493340"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/media\/350833"}],"wp:attachment":[{"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/media?parent=349565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/categories?post=349565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.comparitech.com\/wp-json\/wp\/v2\/tags?post=349565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}