SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
Install:
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
NOTE: SQLMap works out of the box with Python version 2.6, 2.7 and 3.x on any platform.
How to use?
To get a list of basic options and switches use:
python sqlmap.py -h
To get a list of all options and switches use:
python sqlmap.py -hh
Example of commands used when I found a vulnerable website:
Yorumlar