• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

sqlmap 0.7 Released – Automatic SQL Injection Tool

July 31, 2009

Views: 16,204

[ad]

We’ve been following sqlmap since it first came out in Feburary 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.

For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Recent Changes

Along all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:

  • Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
  • Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
  • Reset takeover OOB features (if any of –os-pwn, –os-smbrelay or –os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter.
  • This make sqlmap 0.7 to work again on Windows too.
  • Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
  • HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.

For a complete list of changes view the ChangeLog.

The manual is available here – README.pdf [PDF]

You can download sqlmap 0.7 here:

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip

Or read more here.

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Database Hacking, Hacking Tools, Web Hacking Tagged With: automatic sql injection, Database Hacking, database-security, sql-injection, sql-injection-tool, sqlmap, web-application-security



Reader Interactions

Comments

  1. Olly says

    July 31, 2009 at 11:43 am

    When I downloaded the windows version Avast detected HTML:Malware-gen in the zip archive.

  2. Jeff Price says

    August 1, 2009 at 12:13 am

    Why is a tool even needed, this is simple enough without one. I guess it will just give script kiddiz something to do. If you need a tool to do this, you are a wana be hacker that will never be a real one.

  3. wtf says

    August 1, 2009 at 1:04 am

    Yah Jeff, I guess you’ve never used nmap either you craft the raw packets each time you need to do a port scan in assembly. Hardcore!

  4. Jeff Price says

    August 1, 2009 at 1:09 am

    sql injection is way different then making ethernet frames. Mostly ascii. You can’t really compare the two. And yes I haveed crafted my own packets for port scanning, you need to when you scan behind a firewall. Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump.

  5. um says

    August 2, 2009 at 4:30 pm

    Jeff, I’m pretty sure you wasted your time. I can’t think of any reason a hand crafted packet could be more effective from behind a firewall than what nmap can create. And I know for a fact nmap can spoof the source address.

    And yeah, you can compare the too. Both tools automate a time consuming and repetitive task so you can focus on the results without wasting time getting them.

  6. jp says

    August 2, 2009 at 11:11 pm

    lets see you use nmap to scan a computer behind a firewall.

  7. Pyus says

    August 6, 2009 at 10:29 am

    sometimes i touch myself behind my firewall with nmap

  8. jp says

    August 6, 2009 at 2:43 pm

    you you would be one of those retarded script kiddies

  9. S0L0 says

    August 6, 2009 at 8:59 pm

    Jeff Price aka jp is a troll. Check out his other posts.

  10. Anony says

    August 21, 2009 at 3:13 am

    Jeff, you’re an idiot. SQLMap comes in hand when it’s blind sql and you don’t want to waste all fucking day brute forcing letter by letter to try get the whole DB content.

  11. GZero says

    August 25, 2009 at 10:06 am

    Yeah Fyodor must feel like a real fucking idiot. Total waste of time and energy, it’s not like nmap can manipulate packets at all.

    “And yes I haveed crafted my own packets for port scanning” – Bet you haven’t
    “you need to when you scan behind a firewall. ” – No you don’t, your firewall, your rules
    “Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump.” – This sounds and smells like bullshit, are you ineptly referring to SRC spoofing?

    When you do your “mostly ASCII” blind SQL injections, using your handcrafted requests and techniques. How long does it take?

  12. Darknet says

    August 25, 2009 at 2:57 pm

    GZero: “Or to route it though you to a fake target so it looks like someone else is port scanning while you just read the tcpdump” I believe he’s referring to idle scanning as discovered by Antirez the author of Hping2.

  13. Madsen says

    August 30, 2009 at 1:21 pm

    Hi guys.
    The one for Windows has a trojan gen.
    don’t download it.

    Cheers!

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 285

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 493

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 490

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 687

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,459

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for forensic investigations and recovery scenarios.

DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Views: 468

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for … ...More about DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (73)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,291,643)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,069)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,614)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,675)
  • Password List Download Best Word List – Most Common Passwords (933,462)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,130)
  • Hack Tools/Exploits (673,286)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,143)

Search

Recent Posts

  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025
  • DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux April 28, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy