sqlmap 0.6.1 released – Automatic SQL Injection Tool


sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.

Features

  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
  • Extensive back-end database management system fingerprint based upon inband error messages, banner parsing, functions output comparison and specific features such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it.
  • Full support for two SQL injection techniques: blind SQL injection and inband SQL injection.

Changes

Some of the new features include:

  • Added a Metasploit Framework 3 auxiliary module to run sqlmap;
  • Implemented possibility to test for and inject also on LIKE statements;
  • Implemented –start and –stop options to set the first and the last table entry to dump;
  • Added non-interactive/batch-mode (–batch) option to make it easy to wrap sqlmap in Metasploit and any other tool.

Complete list of changes at ChangeLog.

You can also grab the User Manual here.

You can download sqlmap 0.6.1 here:

Source – sqlmap-0.6.1.tar.gz

Windows – sqlmap-0.6.1_exe.zip

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , ,


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


2 Responses to sqlmap 0.6.1 released – Automatic SQL Injection Tool

  1. Yash Kadakia October 28, 2008 at 8:30 pm #

    Thanks for the update, definitely one of my all-time favorite tools ;_)

    python sqlmap.py –update :p


    Yash Kadakia

  2. razta October 28, 2008 at 8:38 pm #

    Never knew there was a windows version.