sqlmap: automatic SQL injection and database takeover tool | Website analytics by TrustRadar
sqlmap.org Penetration Testing Security Tool SQL Injection

sqlmap: automatic SQL injection and database takeover tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Unique Visits

135K

4500 / day

Total Views

150K

5000 / day

Visit Duration, avg.

3.8 min

2.5 pages per visit

Bounce Rate

40%


Founded in

2006

Supported Languages

English, etc.

Website Key Features

Full support for six SQL injection techniques

Boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.

Direct connection to the database

Supports connecting to the database directly, without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.

Support for enumerating users, password hashes, privileges, roles, databases, tables and columns

Automatically identifies the database structure and retrieves the data.

Automatic recognition of password hash formats

Supports cracking password hashes using a dictionary-based attack.

Support for downloading and uploading any file from the database server's underlying file system

Allows for file system access on the database server.

Support for executing arbitrary commands and retrieving their standard output on the database server's underlying operating system

Enables command execution on the database server's operating system.

Support for establishing an out-of-band stateful TCP connection between the attacker machine and the database server's underlying operating system

Facilitates complex attacks requiring out-of-band communication.

Support for privilege escalation of the database process's user via Metasploit's Meterpreter getsystem command

Allows for privilege escalation on the database server.

Additional information

License

sqlmap is released under the GPLv2 license.

Repository

The source code is hosted on GitHub, allowing for community contributions and forks.

Community and Support

sqlmap has a vibrant community of users and developers. Support is available through forums, GitHub issues, and IRC channels.

Documentation

Comprehensive documentation is available, including a user manual, wiki, and a series of tutorials and videos.

Compatibility

sqlmap is compatible with any Python-supported platform, including Windows, Linux, and macOS.

HTTP headers

The security headers report is a very important part of user data protection. Learn more about HTTP headers for sqlmap.org.