/cheatsheets/web/Recent content in Web on nix4cyberHugoenCopyright (c) 2025 nix4cyber/cheatsheets/web/data-exfiltration/Mon, 01 Jan 0001 00:00:00 +0000/cheatsheets/web/data-exfiltration/<p>Data Exfiltration is a post-exploitation technique used in cybersecurity to secretly and successfully transfer sensitive, unauthorized data from a protected network or computer system to an external location, often bypassing security controls and monitoring systems.</p>/cheatsheets/web/discovery/Mon, 01 Jan 0001 00:00:00 +0000/cheatsheets/web/discovery/<p><strong>Discovery</strong>, often known as <strong>Reconnaissance</strong> or <strong>Information Gathering</strong>, is the crucial initial phase in any security assessment or penetration test where the objective is to passively and actively find targets, map network topology, enumerate subdomains, locate hidden files, and identify potential points of entry before attempting exploitation.</p>/cheatsheets/web/resources/Mon, 01 Jan 0001 00:00:00 +0000/cheatsheets/web/resources/<div class="card-nav d-flex flex-column flex-sm-row"> <div class="card text-end w-100"> <div class="card-body d-flex"> <div class="d-flex flex-column me-auto text-start"> <h5 class="card-title my-0"><a href="https://swisskyrepo.github.io/PayloadsAllTheThings" target="_blank" class="stretched-link text-reset text-decoration-none">PayloadsAllTheThings</a></h5> <p class="card-text mt-1">A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!</p>/cheatsheets/web/sqlmap/Mon, 01 Jan 0001 00:00:00 +0000/cheatsheets/web/sqlmap/<p>SQLmap is an <a href="https://github.com/sqlmapproject/sqlmap">open-source tool</a> that automates the detection and exploitation of SQL Injection vulnerabilities. It is the essential tool for web penetration testing.</p> <h2 id="basic-commands">Basic Commands</h2> <table> <thead> <tr> <th>Action</th> <th>Command</th> </tr> </thead> <tbody> <tr> <td>Simple test</td> <td><code>sqlmap -u $url</code></td> </tr> <tr> <td>POST Request</td> <td><code>sqlmap -u $url --data &quot;username=test&amp;password=test&quot;</code></td> </tr> <tr> <td>List databases</td> <td><code>sqlmap -u $url --dbs</code></td> </tr> <tr> <td>List tables</td> <td><code>sqlmap -u $url -D $dbname --tables</code></td> </tr> <tr> <td>List columns</td> <td><code>sqlmap -u $url -D $dbname -T $table --columns</code></td> </tr> <tr> <td>Data Dump</td> <td><code>sqlmap -u $url -D $dbname -T $table -C &quot;COL1,COL2&quot; --dump</code></td> </tr> </tbody> </table> <h2 id="injection-techniques">Injection Techniques</h2> <p>SQLmap can use various techniques to extract data. You can specify them to refine your search.</p>