Controlling Test Intensity
Learn how to adjust the thoroughness and risk level of SQLMap scans
SQLMap provides options to control the intensity and aggressiveness of your scans. This allows you to balance thoroughness with speed and safety.
Understanding and Using --level (1-5)
The --level parameter controls the thoroughness of the vulnerability detection process:
sqlmap -u "http://www.example.com/vuln.php?id=1" --level 3
Each level increases the scope of parameters examined and the types of payloads used:
| Level | What Gets Tested |
|---|---|
| 1 (default) | GET and POST parameters |
| 2 | + HTTP Cookie header values |
| 3 | + HTTP User-Agent and Referer headers |
| 4 | + More extensive tests and payloads |
| 5 | + Most comprehensive tests (null values, etc.) |
The payloads and boundaries used by SQLMap are defined in the xml/payloads.xml file, and you can add custom payloads to enhance detection capabilities.
Understanding and Using --risk (1-3)
The --risk parameter controls the aggressiveness of the vulnerability detection process:
sqlmap -u "http://www.example.com/vuln.php?id=1" --risk 2
Each risk level determines the types of payloads SQLMap will use:
| Risk | Description |
|---|---|
| 1 (default) | Safe payloads unlikely to cause damage |
| 2 | + Heavy query time-based SQL injections (potential DoS) |
| 3 | + OR-based SQL injection tests (potential data modification) |
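As an added example (not code from this page or from SQLMap itself), the following Python script turns the two tables above into a log-review check: it decodes the query string, Cookie, User-Agent and Referer fields of access-log lines, flags SQL-probe payloads, and reports the lowest --level (injection point) and --risk (payload class) setting that would have reached each one. The log layout, the sample lines and the detection regexes are constructed assumptions for illustration, not SQLMap's own payload definitions.

```python
import re
from urllib.parse import unquote_plus, urlsplit
# Injection points per the --level table above; levels 4-5 add payloads, not new points.
FIELD_LEVEL = {"query": 1, "cookie": 2, "user_agent": 3, "referer": 3}
# Payload classes per the --risk table above, most aggressive first. These regexes are
# hypothetical detection heuristics for this example, not sqlmap's own payload definitions.
RISK_PATTERNS = [
    (3, re.compile(r"\bOR\b\s+\S+\s*=\s*\S+", re.I)),          # OR-based test (risk 3)
    (2, re.compile(r"\b(SLEEP|BENCHMARK|WAITFOR)\b", re.I)),   # heavy/time-based (risk 2)
    (1, re.compile(r'''['"]\s*(AND|--|#|;)|\bAND\b\s+\S+\s*=\s*\S+''', re.I)),  # generic probe
]
# Combined log format extended with a quoted Cookie field (constructed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<cookie>[^"]*)"$'
)
# Constructed sample lines: a clean request, then probes in the query string,
# the Cookie header and the User-Agent header respectively.
SAMPLE_LOG = """
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /vuln.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" "sess=abc"
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /vuln.php?id=1%27%20AND%20SLEEP%285%29-- HTTP/1.1" 200 512 "-" "Mozilla/5.0" "sess=abc"
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /vuln.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" "sess=abc%27%20OR%201%3D1--"
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /vuln.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0' AND 1=1--" "sess=abc"
""".strip().splitlines()

def classify_payload(value):
    """Return the most aggressive --risk class whose pattern matches, or None."""
    for risk, pattern in RISK_PATTERNS:
        if pattern.search(value):
            return risk
    return None

def scan_line(line):
    """Return (field, min_level, min_risk, decoded_value) for each field carrying a probe."""
    m = LOG_RE.match(line)
    if not m:
        return []  # unparsable line: skip rather than crash the whole review
    fields = {"query": urlsplit(m["path"]).query, "cookie": m["cookie"],
              "user_agent": m["user_agent"], "referer": m["referer"]}
    findings = []
    for field, raw in fields.items():
        decoded = unquote_plus(raw)  # payloads arrive percent-encoded in the URL and Cookie
        risk = classify_payload(decoded)
        if risk is not None:
            findings.append((field, FIELD_LEVEL[field], risk, decoded))
    return findings

def scan_log(lines):
    # Each tuple names the lowest --level/--risk that would reach that injection point.
    return [f for line in lines for f in scan_line(line)]
```

A probe found in a Cookie or User-Agent field therefore implies a scanner running at least at level 2 or 3, and a SLEEP/BENCHMARK or OR-based payload implies risk 2 or 3, which is useful context when triaging what a tester (or an attacker) tried against an application.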
Real-World Use Case: Aggressive Scanning for Hidden Parameters
In a real-world penetration test, you might encounter a web application that appears secure at first glance. For thorough testing, you can increase both the level and risk:
sqlmap -u "http://www.example.com/vuln.php?id=1" --level 5 --risk 3
This aggressive scan will:
- Test all possible parameters, including HTTP headers and cookies
- Use more dangerous payloads that could potentially cause DoS or data corruption
- Uncover hidden vulnerabilities that standard scans might miss
This approach is particularly effective for:
- Applications with custom HTTP headers
- Applications with sophisticated input validation
- Applications protected by Web Application Firewalls (WAFs)
Remember to use aggressive scanning responsibly and only in controlled environments with proper authorization.