setting higher risk and level values increases the number of attempts with different added attacks on the parameter. You should start with medium values a.ka. level=2 risk=1..etc..and then increment if it doesn't work. As the other user pointed out...sqlmap is very noisy. In a some Databases ..it will actually leave behind all the attempts as entry into the table rows.
Answer from Muhammad Ismail on Stack OverflowRAW SQL Injection - Information Security Stack Exchange
sql injection - Sqlmap Sleepy User-Agent - Information Security Stack Exchange
time-based issue
Running SQLmap
Hello Beginning_Calendar30,
If you are having a generic Linux or networking issue (configuring adapters, booting, VMs, using various tools, etc.) you'll have better luck asking a question in one of the following subreddits:
-
r/linuxquestions
-
r/linux4noobs
-
r/techsupport
Check the sidebar for more information. Before posting a question in these subreddits, see if you can make any progress by Googling the precise issues and/or errors you are having. Please consider removing your submission if you believe it better belongs in another subreddit.
Kali Linux isn't a good first choice for learning the basics of GNU/Linux. Other distros are far more beginner friendly like Pop!_OS (r/pop_os), Linux Mint (r/linuxmint), and Ubuntu (r/Ubuntu).
[ This message was sent automatically, if sent in error, please disregard. PM for feedback :) ]
More on reddit.comsetting higher risk and level values increases the number of attempts with different added attacks on the parameter. You should start with medium values a.ka. level=2 risk=1..etc..and then increment if it doesn't work. As the other user pointed out...sqlmap is very noisy. In a some Databases ..it will actually leave behind all the attempts as entry into the table rows.
Sometimes SQL injection is very slow and tedious (like if it requires time-based blind SQLi).
In your case, it looks like you are using -time-sec=10, which from the output of the help command is: Seconds to delay the DBMS response. So, you appear to be artificially delaying the response by 10 seconds per request. If that is necessary, of course it will take forever. If it isn't necessary, then, well... take it out and it should finish (at least) twice as fast.
Also, keep in mind that SQLi can be very noisy, and could get you caught on a pentest. Often, slow and steady is preferred.
while running:
~# sqlmap http://www.website.com/
When i use sqlmap there is an optimized value and takes forever to print out Databases and Tables
"do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]"
Anyone know how to fix this? or make it faster?
Hello Beginning_Calendar30,
If you are having a generic Linux or networking issue (configuring adapters, booting, VMs, using various tools, etc.) you'll have better luck asking a question in one of the following subreddits:
-
r/linuxquestions
-
r/linux4noobs
-
r/techsupport
Check the sidebar for more information. Before posting a question in these subreddits, see if you can make any progress by Googling the precise issues and/or errors you are having. Please consider removing your submission if you believe it better belongs in another subreddit.
Kali Linux isn't a good first choice for learning the basics of GNU/Linux. Other distros are far more beginner friendly like Pop!_OS (r/pop_os), Linux Mint (r/linuxmint), and Ubuntu (r/Ubuntu).
[ This message was sent automatically, if sent in error, please disregard. PM for feedback :) ]
It basically delays the testing to increase the chances of finding an injection point for a slow website. Usually used for time based sqli. To speed things up choose N Or set time-sec to a small value. You can also change the testing function from SLEEP to something else although not recommended.