sqlmap: a SQL injection tool

News

Introduction

sqlmap is an automatic SQL injection tool developed entirely in Python. It can perform an extensive back-end database management system fingerprint, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Features

Here is a list of major features implemented in sqlmap:

Documentation

Download

sqlmap can be downloaded from its SourceForge File List page. The development release is available from its SourceForge Subversion repository, which can be browsed with a web browser or checked out to download sqlmap:

$ svn checkout https://sqlmap.svn.sourceforge.net/svnroot/sqlmap sqlmap

Whichever way you downloaded sqlmap, just run svn update in its root directory (where the main file, sqlmap.py, is located) to synchronize your working copy with the SVN repository and retrieve its source code updates, so that you run the latest version of the program.

Further information about the usage of SourceForge Subversion repository can be found here.

License

sqlmap is released under the terms of the General Public License v2.

Sponsorship

Part of the sqlmap development was sponsored by the Open Web Application Security Project during the OWASP Spring of Code 2007.

Donations

References

Books and guides

White papers, slides and cheat sheets

Sites

Contacts

Feel free to contact us for comments, suggestions, bug reports and patches.
