SQLmap level and risk
SQLmap is a powerful tool, but its testing is not always as comprehensive. By default, SQLmap tests only the most common parameters and the most safe attack methods. The --level and --risk switches determine how extensively and aggressively the testing is performed.
- --level = how many different parameters are tested
- --risk = how dangerous attack techniques are tested
These can be used to balance the coverage of testing and the risk of overloading the service.
--level
By default, SQLmap uses --level=1, which is sufficient for quick checks. But what if the injection is hidden in a cookie or header?
- --level=1: Tests only URL parameters and POST data
- --level=2: Includes cookies and HTTP headers such as User-Agent and Referer
- --level=3–5: Tests almost all possible parameters – often only needed in in-depth audits
Example: The application uses a cookie sessionid=12345. The injection is hidden within this value. If only --level=1 is used, SQLmap will not even test the cookie → the result may go unnoticed. However, --level=2 tests it and reveals the injection.
1sqlmap -u "http://sivu.fi/hae.php?id=1" --cookie="sessionid=12345" --level=2Learn to hack — start here
Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.