31 July 2009 | 15,014 views

sqlmap 0.7 Released – Automatic SQL Injection Tool

Check For Vulnerabilities with Acunetix

We’ve been following sqlmap since it first came out in Feburary 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.

For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Recent Changes

Along all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:

  • Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
  • Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
  • Reset takeover OOB features (if any of –os-pwn, –os-smbrelay or –os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter.
  • This make sqlmap 0.7 to work again on Windows too.
  • Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
  • HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.

For a complete list of changes view the ChangeLog.

The manual is available here – README.pdf [PDF]

You can download sqlmap 0.7 here:

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip

Or read more here.



Recent in Database Hacking:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- aidSQL – PHP Application For SQL Injection Detection & Exploitation
- 1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms

Related Posts:
- sqlmap 0.9 Released – Automatic Blind SQL Injection Tool
- sqlmap 0.5 – Automated SQL Injection Tool
- sqlmap 0.6.1 released – Automatic SQL Injection Tool

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 72,554 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 53,783 views
- Absinthe Blind SQL Injection Tool/Software - 38,965 views

Low-cost VPS Hosting

13 Responses to “sqlmap 0.7 Released – Automatic SQL Injection Tool”

  1. Olly 31 July 2009 at 11:43 am Permalink

    When I downloaded the windows version Avast detected HTML:Malware-gen in the zip archive.

  2. Jeff Price 1 August 2009 at 12:13 am Permalink

    Why is a tool even needed, this is simple enough without one. I guess it will just give script kiddiz something to do. If you need a tool to do this, you are a wana be hacker that will never be a real one.

  3. wtf 1 August 2009 at 1:04 am Permalink

    Yah Jeff, I guess you’ve never used nmap either you craft the raw packets each time you need to do a port scan in assembly. Hardcore!

  4. Jeff Price 1 August 2009 at 1:09 am Permalink

    sql injection is way different then making ethernet frames. Mostly ascii. You can’t really compare the two. And yes I haveed crafted my own packets for port scanning, you need to when you scan behind a firewall. Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump.

  5. um 2 August 2009 at 4:30 pm Permalink

    Jeff, I’m pretty sure you wasted your time. I can’t think of any reason a hand crafted packet could be more effective from behind a firewall than what nmap can create. And I know for a fact nmap can spoof the source address.

    And yeah, you can compare the too. Both tools automate a time consuming and repetitive task so you can focus on the results without wasting time getting them.

  6. jp 2 August 2009 at 11:11 pm Permalink

    lets see you use nmap to scan a computer behind a firewall.

  7. Pyus 6 August 2009 at 10:29 am Permalink

    sometimes i touch myself behind my firewall with nmap

  8. jp 6 August 2009 at 2:43 pm Permalink

    you you would be one of those retarded script kiddies

  9. S0L0 6 August 2009 at 8:59 pm Permalink

    Jeff Price aka jp is a troll. Check out his other posts.

  10. Anony 21 August 2009 at 3:13 am Permalink

    Jeff, you’re an idiot. SQLMap comes in hand when it’s blind sql and you don’t want to waste all fucking day brute forcing letter by letter to try get the whole DB content.

  11. GZero 25 August 2009 at 10:06 am Permalink

    Yeah Fyodor must feel like a real fucking idiot. Total waste of time and energy, it’s not like nmap can manipulate packets at all.

    “And yes I haveed crafted my own packets for port scanning” – Bet you haven’t
    “you need to when you scan behind a firewall. ” – No you don’t, your firewall, your rules
    “Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump.” – This sounds and smells like bullshit, are you ineptly referring to SRC spoofing?

    When you do your “mostly ASCII” blind SQL injections, using your handcrafted requests and techniques. How long does it take?

  12. Darknet 25 August 2009 at 2:57 pm Permalink

    GZero: “Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump” I believe he’s referring to idle scanning as discovered by Antirez the author of Hping2.

  13. Madsen 30 August 2009 at 1:21 pm Permalink

    Hi guys.
    The one for Windows has a trojan gen.
    don’t download it.

    Cheers!