Open-source tool that automates SQL injection detection, exploitation, and database takeover
Other
- Python
- C
- Shell

About sqlmap
sqlmap is a penetration testing tool that automates detecting and exploiting SQL injection flaws and taking over database servers. It targets web applications and their database backends, automating work that would otherwise be done by hand.
A powerful detection engine pairs with a broad set of switches for database fingerprinting, fetching data from the database, accessing the underlying file system, and executing operating system commands through out-of-band connections. It runs on Python 2.7 and 3.x on any platform.
Command line options cover everything from basic scans to advanced tuning for the demanding tester. It works out of the box once downloaded, and a detailed user's manual documents every option, switch, and supported feature.
Key features
- Automates detection and exploitation of SQL injection flaws
- Database fingerprinting and data extraction
- Access to the underlying file system
- Executes operating system commands via out-of-band connections
- Command-line options for basic and advanced use
Details
- First released: 2012
- License: GPL-2.0
- Platforms: Windows · macOS · Linux
- Language: Python 2.7 / 3.x
- Deployment: offline-first
- Targets: SQL injection · DB takeover
