
The Practical Guide to sqlmap for SQL Injection


About the course

Christophe June 14, 2021

sqlmap is an incredibly powerful tool for finding and exploiting SQL injection vulnerabilities. There are so many different options and so many features that can make the difference between finding and not finding vulnerabilities in pentest and bug bounty engagements — and that’s why I created this course.

In this video, I’ll explain a little bit about how this course is structured so that you can navigate it. I’ll also show you where you can download resources and cheat sheets that are included with the course, and I’ll give a high-level overview of what you can expect to learn.

The main goal of this course is to make you proficient in the use of sqlmap for professional engagements. I want this to be a resource for you that not only helps you build a very solid foundation, but also acts as a practical guide that you can use throughout your career — in addition to sqlmap’s official documentation.

That’s why I’ve laid out the course in 3 main sections.

The course is broken down into 3 main sections

Getting started with the course, creating a home lab environment, and the basics of sqlmap

Getting started with the course is where you are right now. Shortly after, we will move on to creating a home lab environment. Not only will the home lab help you follow along throughout the course, but it will also show you how to quickly spin up test environments for you to practice sqlmap’s options.

As we cover the basics of sqlmap, we’ll also take a look at how the source code is structured, how you can find payloads used by the tool, and other important files and configurations that you can modify as you become a more advanced user of sqlmap.

sqlmap Options Deep Dive

In this section, we look at every single option and feature that sqlmap has to offer with examples and explanations of how and when to use those options, and of course, how to configure them.

sqlmap in action

While most of the course is built with practice in mind, this last section takes everything that we’ve learned about sqlmap’s features and options, and implements it in real-world scenarios. That way you can see how options can be used together in order to troubleshoot problems, implement sqlmap in your development and deployment pipelines, or use the tool in pentest and bug bounty engagements.

Order of completion

I do recommend going from top to bottom and completing each section one after the other in order to get the most out of this course. With that said, I also understand that you might have a specific need right now that could be solved with just one or two of these sections, and so you might want to go directly there in order to save time. For example, if you’re currently struggling to bypass a Web Application Firewall with sqlmap for a bug bounty program, then feel free to jump directly to the “Bypassing WAFs” section, and then go back and fill in your knowledge gaps with the remaining sections.

Downloads and resources

Before you get started, I’d also highly encourage you to download all of the included resources. It’s really quick and easy: go to the main course page, scroll down to just above the course syllabus where you will see a Course tab and a Materials tab. Click on the Materials tab and you will see all of the available downloads. These will be helpful as you go through the course, but also as you use sqlmap in your professional engagements.

Chat with other students and members of the community

Finally, I’d encourage you to join our Discord server by going to where you will be able to interact directly with me and with students of this course and our other courses. This is a great place to ask questions and contribute, and so are our forums which you can find by going to


That’s it for this About the Course video. I hope you are as excited to get started as I am, so let’s go ahead and complete this lesson, and I’ll see you in the next.

