sqlmap is a popular CLI tool for detecting and exploiting SQLi vulnerabilities. Since we're only interested in discovering those bugs, we're less interested in the weaponization, except for brainstorming possible attack scenarios for report submissions.
The simplest use of sqlmap is using the -u flag to target the parameters being passed in a specific URL. Using webscantest.com again as our example target, we can test the parameters in a form submission specifically vulnerable to GET requests:
sqlmap -u "http://webscantest.com/datastore/search_get_by_id.php?id=3"
As sqlmap begins probing the parameters passed in the target URL, it will prompt you to answer several questions about the direction and scope of the attack:
it looks like the back-end DBMS is 'MySQL'. Do you want...
