Database Enumeration
Enumeration With SQLmap
SQLmap is noisy as hell.
Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage. For example, you can save a captured HTTP request to a file and pass it to SQLmap as input:
Load HTTP request from a file
Option: -r
One of the possibilities of sqlmap is loading of raw HTTP request from a textual file. That way you can skip usage of a number of other options (e.g. setting of cookies, POSTed data, etc).
Sample content of a HTTP request file:
POST /vuln.php HTTP/1.1
Host: www.target.com
User-Agent: Mozilla/4.0

id=1
Note that if the request is over HTTPS, you can use this in conjunction with switch --force-ssl to force SSL connection to 443/tcp. Alternatively, you can append :443 to the end of the Host header value.
—https://github.com/sqlmapproject/sqlmap/wiki/Usage
For a simpler example see this tutorial:
https://www.securesolutions.no/enumeration-with-sqlmap/.
Find a page with a form you can attack, preferably one that takes its parameters in the GET query string. This should let you enumerate databases:
./sqlmap.py -u "http://www.example.com/page.php?id=1" --dbs
Now list tables:
./sqlmap.py -u "http://www.example.com/page.php?id=1" --tables
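What "noisy" looks like from the server side, as an added example (not from the original page or the sqlmap project): it flags sources in a web access log by sqlmap's default User-Agent and, since that header can be overridden, by repeated SQL-injection patterns in the query string. The log lines are constructed, and the `detect` function, its patterns and the `min_hits` threshold are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /page.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /page.php?id=1%27%20AND%201=1--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:00:02 +0000] "GET /page.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL--%20 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:02 +0000] "GET /page.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:03 +0000] "GET /page.php?id=1%20ORDER%20BY%203--%20 HTTP/1.1" 500 120 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:00:05 +0000] "GET /page.php?id=7 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:00:09 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 530 "-" "Mozilla/5.0"
"""

# ip, method, request target, status, user agent
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Heuristic patterns (assumed, not exhaustive), matched on the URL-decoded query string.
SQLI = re.compile(r"(?i)(\bunion\b.*\bselect\b|\bsleep\s*\(|\border\s+by\s+\d+|'\s*(and|or)\b)")

def detect(log_text, min_hits=3):
    """Return {ip: [reasons]} for sources that look like automated SQLi scanning."""
    ua_hit, sqli_hits = set(), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, target, _status, agent = m.groups()
        if agent.lower().startswith("sqlmap/"):
            ua_hit.add(ip)
        query = unquote_plus(target.partition("?")[2])
        if SQLI.search(query):
            sqli_hits[ip] += 1
    findings = {}
    for ip in ua_hit | set(sqli_hits):
        reasons = []
        if ip in ua_hit:
            reasons.append("default sqlmap User-Agent")
        if sqli_hits[ip] >= min_hits:
            reasons.append(f"{sqli_hits[ip]} SQLi-pattern requests")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in sorted(detect(SAMPLE_LOG).items()):
        print(ip, "->", "; ".join(reasons))
```

Only GET query strings are inspected here; requests replayed from a file with POST data need the request body logged before the same patterns can be applied.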