Sqlmap Overview

A quick presentation of sqlmap, a popular SQL injection tool

Sqlmap is an open source SQL injection tool that automates the process of testing for and exploiting SQL injection vulnerabilities. Because the tool is written in Python, you can use it on any operating system as long as you have a Python interpreter.

Supported DBMS

Sqlmap supports a wide range of DBMS. At the time of this writing it fully supports the following databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB.

Sqlmap Features

From detection to exploit, sqlmap has rich features for penetration testers.

Supported techniques

Sqlmap supports several injection techniques. The best known are the classic SQL injection techniques such as UNION query and stacked queries attacks. Sqlmap can also retrieve data over a different channel, as it supports out-of-band attacks. Finally, this SQL injection tool can also perform error-based, boolean-based blind and time-based blind SQL injections.
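To make the boolean-based technique concrete from the defender's side, here is an added example (not code from this page or from the sqlmap project) using Python's built-in sqlite3 module: a query built by string concatenation beside its parameterized form, run against a constructed two-row table. The table, the function names and the probe string are assumptions made for the demo.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo, not from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    # String concatenation: the input is parsed as part of the SQL text.
    # This is the pattern a boolean-based or UNION injection relies on.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterized query: the driver binds the value separately from the
    # statement, so the input is never interpreted as SQL.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    conn = make_db()
    benign = "alice"
    # Boolean-based probe: a tautology that makes the WHERE clause true for
    # every row when the input is spliced into the query text.
    probe = "x' OR '1'='1"
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_probe": lookup_unsafe(conn, probe),
        "safe_benign": lookup_safe(conn, benign),
        "safe_probe": lookup_safe(conn, probe),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The unsafe lookup returns every row for the probe while the parameterized one returns nothing, which is exactly the difference a boolean-based blind scan measures; binding parameters removes it.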

Enumeration

One key functionality of sqlmap is its capacity to automatically enumerate database information. Valuable data such as users, roles, privileges, databases, tables, columns and even password hashes can be retrieved with a single command. It also recognizes the password hash format automatically, and the tester can even launch a dictionary-based attack to crack the hashes.

Attacks

Sqlmap offers some very handy functionalities. To name a few, you can:

  • Execute arbitrary commands and retrieve their output (MySQL, PostgreSQL and SQL Server).
  • Establish a TCP connection between the tester's machine and the database server.
  • Download or upload any file from or to the database server (MySQL, PostgreSQL and SQL Server).
  • Escalate privileges by launching Metasploit's Meterpreter getsystem command.

For the full list of features, refer to the sqlmap features page.

Limitation

Like every SQL injection scanner, sqlmap is somewhat limited when it comes to finding vulnerabilities. On the other hand, its enumeration functionalities are really powerful. In addition, its attack features allow the attacker to exploit most systems that have an SQL injection flaw.

Getting Started

After downloading sqlmap, take a quick look at our sqlmap tutorial to get started!