mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-23 01:56:36 +03:00
1 line
7.5 KiB
JSON
1 line
7.5 KiB
JSON
|
{"tagline":"Automatic SQL injection and database takeover tool","body":"# Introduction\r\n\r\nsqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.\r\n\r\n# Features\r\n\r\n* Full support for **MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB** database management systems.\r\n* Full support for six SQL injection techniques: **boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band**.\r\n* Support to **directly connect to the database** without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.\r\n* Support to enumerate **database users, users' password hashes, users' privileges, users' roles, databases, tables and columns**.\r\n* Automatic recognition of password hashes format and support to **crack them with a dictionary-based attack**.\r\n* Support to **dump database tables** entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.\r\n* Support to **search for specific database names, specific tables across all databases or specific columns across all databases' tables**. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.\r\n* Support to **download and upload any file** from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.\r\n* Support to **execute arbitrary commands and retrieve their standard output** on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.\r\n* Support to **establish an out-of-band stateful TCP connection between the attacker machine and the database server** underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.\r\n* Support for **database process' user privilege escalation** via Metasploit's Meterpreter `getsystem` command.\r\n\r\n# Download\r\n\r\nYou can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master).\r\n\r\nPreferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:\r\n```\r\ngit clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\r\n```\r\n\r\nThis is strongly recommended before reporting any bug to the [mailing list](#mailing-list).\r\n\r\n# Documentation\r\n\r\n* sqlmap [user's manual](https://github.com/sqlmapproject/sqlmap/raw/master/doc/README.pdf).\r\n* sqlmap [ChangeLog](https://raw.github.com/sqlmapproject/sqlmap/master/doc/ChangeLog).\r\n* *SQL injection: Not only AND 1=1* [slides](http://www.slideshare.net/inquis/sql-injection-not-only-and-11-updated) presented by Bernardo at the 2nd Digital Security Forum in Lisbon (Portugal) on June 27, 2009.\r\n* *Advanced SQL injection to operating system full control* [whitepaper](http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857) and [slides](http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides) presented by Bernardo at [Black Hat Europe 2009](https://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html) in Amsterdam (The Netherlands) on April 16, 2009.\r\n* *Expanding the control over the operating system from the database* [slides](http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-data
|