<p>sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</p>
<h1>Features</h1>
<ul>
<li>Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB</strong> database management systems.</li>
<li>Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band</strong>.</li>
<li>Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li>Support to enumerate <strong>database users, users' password hashes, users' privileges, users' roles, databases, tables and columns</strong>.</li>
<li>Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li>Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.</li>
<li>Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li>Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li>Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li>Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
<li>sqlmap <ahref="https://raw.github.com/sqlmapproject/sqlmap/master/doc/ChangeLog">ChangeLog</a> and <ahref="https://github.com/sqlmapproject/sqlmap/wiki/History">history</a>.</li>
<p><iframetitle="YouTube video player"width="480"height="390"src="http://www.youtube.com/embed/RsQ52eCcTi4?rel=0"frameborder="0"></iframe></p>
<p>Watch more demos on <ahref="http://www.youtube.com/user/inquisb/videos">Bernardo</a> and <ahref="http://www.youtube.com/user/stamparm/videos">Miroslav</a> YouTube pages.</p>
<p>The <code>sqlmap-users@lists.sourceforge.net</code><ahref="https://lists.sourceforge.net/lists/listinfo/sqlmap-users">mailing list</a> is the preferred way to ask questions and discuss with other users, <ahref="https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS">contributors</a> and the <ahref="#developers">developers</a>.<br>
To subscribe use the <ahref="https://lists.sourceforge.net/lists/listinfo/sqlmap-users">online web form</a>. It is also available via Gmane <ahref="http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap">RSS feed</a>. The archives are available online on <ahref="http://news.gmane.org/gmane.comp.security.sqlmap">Gmane</a>.</p>
<p><strong>Bug reports are welcome</strong>! Please report all bugs on the <ahref="https://github.com/sqlmapproject/sqlmap/issues">issue tracker</a> or, alternatively, to the <ahref="https://lists.sourceforge.net/lists/listinfo/sqlmap-users">mailing list</a>.</p>
<p>All code contributions are greatly appreciated. First off, clone the <ahref="https://github.com/sqlmapproject/sqlmap">Git repository</a>, read the <ahref="https://github.com/sqlmapproject/sqlmap/wiki">user's manual</a> carefully, go through the code yourself and <ahref="mailto:dev@sqlmap.org">drop us</a> an email if you are having a hard time grasping its structure and meaning.</p>
<p>Our preferred method of patch submission is via a Git <ahref="https://help.github.com/articles/using-pull-requests">pull request</a>.</p>
<p>Each patch should make one logical change. Please follow the existing stylistic conventions: wrap code to 76 columns when possible. Avoid tabbing, use four blank spaces instead. Before you put time into a nontrivial patch, it is worth discussing it on the <ahref="https://lists.sourceforge.net/lists/listinfo/sqlmap-users">mailing list</a> or privately by <ahref="mailto:dev@sqlmap.org">email</a>.</p>
<p>Many <ahref="https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS">people</a> have contributed in different ways to the sqlmap development. <strong>You</strong> can be the next!</p>
<p>sqlmap is the result of numerous hours of passionated work from a small team of computer security enthusiasts. If you appreciated our work and you want to see sqlmap kept being developed, please consider making a <ahref="https://www.paypal.com/uk/cgi-bin/webscr?cmd=_send-money&nav=1">donation</a> to our efforts via <ahref="https://www.paypal.com/">PayPal</a> to <code>dev@sqlmap.org</code>.</p>