Sqlmap
| Original author(s) | Daniele Bellucci[1] |
|---|---|
| License | GNU General Public License, version 2 |
| Website | sqlmap |
sqlmap is an open-source software utility for the automated discovery of SQL injection vulnerabilities in web applications.[2][3]
Research and academic recognition
sqlmap has been studied extensively in the academic literature as a benchmark for SQL injection detection. A 2024 study in the International Journal of Innovative Science and Advanced Engineering compared sqlmap with other penetration testing tools and found that it performed best at identifying boolean-based and time-based blind SQL injection vulnerabilities across several web application frameworks.[4]
Research published in IEEE conferences has highlighted sqlmap's effectiveness in automated vulnerability detection, noting its comprehensive approach to fingerprinting database management systems and exploiting the vulnerabilities it identifies.[5] Another IEEE study described sqlmap as a foundational tool in the web application security assessment toolkit, particularly for its ability to automate database takeover through out-of-band connections.[6]
Usage
The tool was used in the 2015 data breach of TalkTalk.[7] In 2016, the Illinois Board of Elections was breached using the tool in combination with Acunetix and DirBuster.[8]
References
1. "History". sqlmap project wiki, GitHub. https://github.com/sqlmapproject/sqlmap/wiki/History.
2. Clarke, Justin (2012). SQL Injection Attacks and Defense. Waltham, MA: Elsevier. p. 282. ISBN 978-1-59749-963-7.
3. Perry, Brandon (2017). Gray Hat C#: A Hacker's Guide to Creating and Automating Security Tools (1st ed.). San Francisco: No Starch Press. ISBN 978-1-59327-759-8.
4. "Performance Evaluation of SQL Injection Detection Tools". International Journal of Innovative Science and Advanced Engineering 12 (4). 2024. https://ijisae.org/index.php/IJISAE/article/view/2141/724.
5. "Comprehensive Analysis of Web Vulnerability Scanners". IEEE. 2024. doi:10.1109/ICSESS.2024.10545289. https://ieeexplore.ieee.org/document/10545289.
6. "Security Assessment Framework for Web Applications". IEEE. 2024. doi:10.1109/Trustcom.2024.10630454. https://ieeexplore.ieee.org/document/10630454.
7. Bowcott, Owen (2016-11-15). "Boy who hacked TalkTalk website was 'showing off to mates'". The Guardian. ISSN 0261-3077. https://www.theguardian.com/uk-news/2016/nov/15/boy-who-hacked-talktalk-website-was-showing-off-to-mates.
8. Thomson, Iain (2016-08-29). "FBI: Look out – hackers are breaking into US election board systems". The Register. https://www.theregister.com/2016/08/29/fbi_warns_attacks_on_election_systems/.