How to use custom script with sqlmap?

Hello. As I know, sqlmap use single url for scaning sql injection. I wrote script that found all urls with potentially sql injection. It’s writes some urls (for examlpe 15).

How to use with bash sqlmap with line by line output of my script with sqlmap --url parameter ?

For example: sqlmap --url $(python myscript.py)

As a result, it turns out that the parameter will be the entire output, and not line by line.

How to do it line by line? One line = one parameter?

Sorry I didn’t get your question. Do you want to write a bash script so that sqlmap can run for multiple URLs instead of just giving 1 URL?

Yes, right.

You can just do a for loop within bash and read the URLs from a different file.
For reading file line by line - Linux/UNIX: Bash Read a File Line By Line
For loop within bash - Bash For Loop Examples

1 Like