sqlmap

From HandWiki

sqlmap is an open source software that is used to detect and exploit database vulnerabilities and provides options for injecting malicious codes into them.[1]

It is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws providing its user interface in the terminal.[2]

The software is run at the command line and is available to download for different operating systems: Linux distributions, Windows and Mac OS operating systems.[3]

In addition to mapping and detecting vulnerabilities, the software enables access to the database, editing and deleting data, and viewing data in tables such as users, passwords, backups, phone numbers, e-mail addresses, credit cards and other confidential and sensitive information.

sqlmap has full support for multiple DBMSs, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird and SAP MaxDB.

And full support for all injection techniques: Boolean, Error, Stack, Time, Union.

The standard use of the software in the Unix environment will be as follows: 

sqlmap -u "http://172.16.0.0/files/file.php?id=1"

Additional values can be combined:

  • --dbs: will display the databases.
  • --tables: will display tables in the database.
  • --columns: Will display columns in the database.
  • --dump: Will dump DBMS database entries.

The help file is prompted by command

sqlmap -h

References

  1. "sqlmap: automatic SQL injection and database takeover tool". http://sqlmap.org/. 
  2. "Automated Audit using SQLMap - OWASP" (in en). https://www.owasp.org/index.php/Automated_Audit_using_SQLMap. 
  3. "sqlmap: automatic SQL injection and database takeover tool". http://sqlmap.org/. 

External links




Retrieved from "https://handwiki.org/wiki/index.php?title=Sqlmap&oldid=59917"