This is the most basic option in SQLMap. It tells the tool which URL to test for SQL injection vulnerabilities. You must provide a full URL (including the vulnerable parameter, e.g., ?id=1).
This option allows SQLMap to automatically crawl the target website and find other links (and parameters) that may be vulnerable. The number you provide indicates how many levels deep it should crawl.
sqlmap -u {URL} --crawl {number}
Depth 1: [<http://www.example.com/news>](<http://www.example.com/news>)
Depth 2: [<http://www.example.com/news/newest/>](<http://www.example.com/news/newest/>)
Depth 3: [<http://www.example.com/news/newest/terror/>](<http://www.example.com/news/newest/terror/>)
Depth 4: [<http://www.example.com/news/newest/terror/country/>](<http://www.example.com/news/newest/terror/country/>)
Enables non-interactive mode, which means SQLMap will automatically answer all questions with default choices. This is useful in automation or when you don’t want to be prompted.
sqlmap -u {URL} -- batch
