HAKATEMIA
17Tools

SQLmap level and risk

Easy5MIN

SQLmap is a powerful tool, but its testing is not always as comprehensive. By default, SQLmap tests only the most common parameters and the most safe attack methods. The --level and --risk switches determine how extensively and aggressively the testing is performed.

  • --level = how many different parameters are tested
  • --risk = how dangerous attack techniques are tested

These can be used to balance the coverage of testing and the risk of overloading the service.

--level

By default, SQLmap uses --level=1, which is sufficient for quick checks. But what if the injection is hidden in a cookie or header?

  • --level=1: Tests only URL parameters and POST data
  • --level=2: Includes cookies and HTTP headers such as User-Agent and Referer
  • --level=3–5: Tests almost all possible parameters – often only needed in in-depth audits

Example: The application uses a cookie sessionid=12345. The injection is hidden within this value. If only --level=1 is used, SQLmap will not even test the cookie → the result may go unnoticed. However, --level=2 tests it and reveals the injection.

BASH
1sqlmap -u "http://sivu.fi/hae.php?id=1" --cookie="sessionid=12345" --level=2
1 / 3
Hakatemia Pro

Learn to hack — start here

Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.