kali自带sqlmap使用报错[CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s) 下载sqlmap方法

kali自带的sqlmap使用报错

root@kali:~# sqlmap -u "http://192.168.204.133/mutillidae/index.php?page=user-info.php&username=admin&password=admin&user-info-php-submit-button=View+Account+Details" --batch -p username
___
__H__
___ ___[.]_____ ___ ___ {1.4.4#stable}
|_ -| . ['] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V... |_| http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 01:47:43 /2022-10-30/

[01:47:43] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=isekpb0u4bn...vg3fhitff4;showhints=1'). Do you want to use those [Y/n] Y
[01:47:45] [INFO] checking if the target is protected by some kind of WAF/IPS
[01:47:47] [INFO] testing if the target URL content is stable
[01:47:50] [INFO] target URL content is stable
[01:47:50] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s)
[01:47:50] [CRITICAL] unable to connect to the target URL
[01:47:50] [WARNING] heuristic (basic) test shows that GET parameter 'username' might not be injectable
[01:47:51] [INFO] heuristic (XSS) test shows that GET parameter 'username' might be vulnerable to cross-site scripting (XSS) attacks
[01:47:51] [INFO] testing for SQL injection on GET parameter 'username'
[01:47:51] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:47:51] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s)
[01:47:51] [CRITICAL] unable to connect to the target URL
[01:47:51] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s)
[01:47:51] [CRITICAL] unable to connect to the target URL
[01:47:53] [WARNING] reflective value(s) found and filtering out

 

进入/usr/share,删掉目录 sqlmap

root@kali:/usr/share# git clone --depth 1 http://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Cloning into 'sqlmap-dev'...
warning: redirecting to https://github.com/sqlmapproject/sqlmap.git/
remote: Enumerating objects: 720, done.
remote: Counting objects: 100% (720/720), done.
remote: Compressing objects: 100% (493/493), done.
remote: Total 720 (delta 242), reused 468 (delta 214), pack-reused 0
Receiving objects: 100% (720/720), 6.98 MiB | 660.00 KiB/s, done.
Resolving deltas: 100% (242/242), done.
root@kali:/usr/share# sql

 

root@kali:/usr/src# alias sqlmap='python /usr/share/sqlmap-dev/sqlmap.py'