Reputation: 1
When I set risk=3 and level=5, sqlmap takes a long time, about 1 hour, to finish the task. It's really tedious. I am a newbie to penetration testing; kindly help me.
python sqlmap.py -u "Application url" --dbms=MySQL --threads=10 --time-sec=10 --level=3 --risk=2 --cookie="PHPSESSID:1r4fk7m10s3sj0nkbgdu1a48v0" --batch -v2 -o --keep-alive --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" --no-cast --no-escape --tamper="space2comment,between"
Upvotes: 0
Views: 17793
Reputation: 29
Setting higher risk and level values increases the number of attempts with different added attacks on the parameter. You should start with medium values, a.k.a. level=2, risk=1, etc., and then increment if it doesn't work. As the other user pointed out, sqlmap is very noisy. In some databases, it will actually leave behind all the attempts as entries in the table rows.
Upvotes: 1
Reputation: 7140
Sometimes SQL injection is very slow and tedious (like if it requires time-based blind SQLi).
In your case, it looks like you are using --time-sec=10, which from the output of the help command is: "Seconds to delay the DBMS response". So, you appear to be artificially delaying the response by 10 seconds per request. If that is necessary, of course it will take forever. If it isn't necessary, then, well... take it out and it should finish (at least) twice as fast.
Also, keep in mind that SQLi can be very noisy, and could get you caught on a pentest. Often, slow and steady is preferred.
Upvotes: 0
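Both answers note that sqlmap is noisy. The sketch below is an added example, not code from any of the posts: it shows how that noise looks from the defender's side when the scanner sends a browser User-Agent and the space2comment and between tampers, as in the question's command, so that User-Agent matching alone misses it. The log format, the pattern list, the threshold, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines: "<client ip> <epoch seconds> <request URL>".
SAMPLE_LOG = [
    "203.0.113.7 1000 /item.php?id=5",
    "203.0.113.7 1001 /item.php?id=5/**/AND/**/7/**/BETWEEN/**/7/**/AND/**/7",
    "203.0.113.7 1012 /item.php?id=5/**/AND/**/SLEEP(10)",
    "203.0.113.7 1023 /item.php?id=5/**/UNION/**/SELECT/**/NULL",
    "198.51.100.4 1005 /search.php?q=between+jobs+and+school",  # benign look-alike
    "198.51.100.4 1006 /item.php?id=9",
]

COMMENT = re.compile(r"/\*.*?\*/", re.S)  # inline SQL comments used in place of spaces
SUSPICIOUS = re.compile(
    r"\bunion\s+select\b|\bsleep\s*\(|\bbenchmark\s*\("
    r"|\bbetween\s+\S+\s+and\b|\b(?:and|or)\s+\d+\s*[=<>]"
)

def normalize(value):
    """Undo comment-for-space substitution, collapse whitespace, lowercase."""
    return re.sub(r"\s+", " ", COMMENT.sub(" ", value)).lower()

def scan(lines, window=60, threshold=3):
    """Return (client, path, param, hits) where one parameter received
    `threshold` suspicious values from one client within `window` seconds."""
    hits = defaultdict(list)
    for line in lines:
        client, ts, url = line.split(" ", 2)
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SUSPICIOUS.search(normalize(value)):
                hits[(client, parts.path, name)].append(int(ts))
    alerts = []
    for key, stamps in hits.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                alerts.append((*key, len(stamps)))
                break
    return sorted(alerts)

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The single benign "between ... and" search query matches a pattern but stays under the threshold, which is why the alert is keyed on repeated hits against one parameter rather than on any single request.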