sqlmap

Software Details:
Version: 0.9
Upload Date: 11 May 15
Developer: Bernardo Damele
Distribution Type: Freeware
Downloads: 219

Rating: 2.7/5 (Total Votes: 3)

sqlmap is an automatic blind SQL injection tool, developed in Python, capable of enumerating an entire remote database, performing an active database fingerprint and much more.

sqlmap's aim is to implement a fully functional database mapper tool that takes advantage of web application programming security flaws which lead to SQL injection vulnerabilities.

Features:

  • Test of the remote URL stability, based on page hash or string match;
  • Identification of dynamic URL parameters;
  • Test for numeric and string (single-quote and double-quote) SQL injection on all dynamic URL parameters; the first vulnerable parameter found is used to perform the subsequent SQL injections;
  • Possible selection of HTTP method for testing and exploiting dynamic parameters, GET or POST (default: GET);
  • Fingerprint of web application database back-end based upon specific queries output which identify database characteristics and banner grabbing;
  • Random HTTP User-Agent header selection;
  • HTTP Cookie header can be provided, useful when the web application requires authorization based on cookies and you have an account;
  • Option to provide an anonymous HTTP proxy address through which requests to the target URL are passed;
  • Other command line parameters to get the database banner, enumerate databases, tables and columns, dump values, retrieve arbitrary file content and provide your own SQL expression to query the remote database;
  • Debug output messages in verbose mode execution;
  • PHP setting magic_quotes_gpc evasion by encoding every query string, between single quotes, with CHAR (or similar) database function.
  • Reviewed the directory tree structure;
  • Split lib/common.py: inband injection functionality is now moved to lib/union.py;
  • Updated documentation files.

What is new in this release:

  • This version features a totally rewritten and powerful SQL injection detection engine, the ability to connect directly to a database server, support for time-based blind SQL injection and error-based SQL injection, support for four new database management systems, and much more.

What is new in version 0.6.4:

  • A major enhancement was implemented to make the comparison algorithm work properly on URLs that are not stable, by using the difflib SequenceMatcher object.
  • A major enhancement was done to support SQL data definition statements, SQL data manipulation statements, et cetera from the user in SQL query and SQL shell if stacked queries are supported by the Web application technology.
  • A major speed increase was made in DBMS basic fingerprint.

What is new in version 0.6.1:

  • A major bugfix was made to the blind SQL injection bisection algorithm to handle an exception.
  • A Metasploit Framework 3 auxiliary module was added to run sqlmap.
  • The possibility to test for and inject also on LIKE statements was implemented.

What is new in version 0.6:

  • Complete code refactor and many bugs fixed;
  • Added multithreading support to set the maximum number of concurrent HTTP requests;
  • Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, previously called -e) so that it can run any SELECT statement and get its output in both inband and blind SQL injection attacks;
  • Added an option (--privileges) to retrieve DBMS users' privileges; it also reports whether the user is a DBMS administrator;
  • Added support (-c) for reading options from a configuration file (sqlmap.conf is an example of a valid INI file) and support (--save) for saving command line options to a configuration file;
  • Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with --update option;
  • Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages;
  • Created sqlmap .exe (Windows) portable executable;
  • Saves a lot more information to the session file, useful when resuming injection on the same target so as not to lose time identifying the injection, UNION fields and back-end DBMS twice or more;
  • Improved automatic check for parenthesis when testing and forging SQL query vector;
  • Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable;
  • Implemented support for HTTPS requests over HTTP(S) proxy;
  • Added a check to handle NULL or not available queries output;
  • More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks;
  • Improved XML files structure;
  • Implemented the possibility to change the HTTP Referer header;
  • Added support to resume from session file also when running with inband SQL injection attack;
  • Added an option (--os-shell) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root;
  • Added a check to ensure that the provided string to match (--string) is within the page content;
  • Fixed various queries in XML file;
  • Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it;
  • Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function;
  • Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable;
  • Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic;
  • Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires;
  • Added support to inject also on Set-Cookie parameters;
  • Implemented TAB completion and command history on both --sql-shell and --os-shell;
  • Renamed some command line options;
  • Added a conversion library;
  • Added code schema and reminders for future developments;
  • Added Copyright comment and $Id$ svn property to all Python files;
  • Updated the command line layout and help messages;
  • Updated some docstrings;
  • Updated documentation files.
