sqlmap

sqlmap.orgLaunched 2006

Automatic SQL injection and database takeover tool

Visit
sqlmap screenshot
/ About /

sqlmap is an open source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications. It supports a wide range of database management systems and SQL injection techniques, and can perform actions such as database fingerprinting, data extraction, file system access, and OS command execution. The tool is available via Git clone or direct download and is licensed under the GNU GPL v2.

/ How it works /

sqlmap automates the process of detecting SQL injection flaws using multiple injection techniques and a powerful detection engine, then exploits them to extract data or gain control of the database server.

/ Who it's for /

Security researchers and penetration testers

/ More info /

Background.

Status
launched
Business model
open-source
Launched
2006

Founders

/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.