• Diniz Martins

SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.


Install:

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

NOTE: SQLMap works out of the box with Python version 2.6, 2.7 and 3.x on any platform.


How to use?

To get a list of basic options and switches use:

python sqlmap.py -h

To get a list of all options and switches use:

python sqlmap.py -hh

Example of commands used when I found a vulnerable website:



43 views0 comments

Recent Posts

See All

Robots.txt

Robots.txt is a text file with instructions for search engine crawlers. It defines which areas of a website crawlers are allowed to search. However, these are not explicitly named by the robots.txt fi

Sudo and CVE-2021-3156

Sudo stands for SuperUser DO and is used to access restricted files and operations. By default, Linux restricts access to certain parts of the system preventing sensitive files from being compromised.