mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Syncing changes with those on gh-pages
This commit is contained in:
parent
303aa10507
commit
1ebaeeb216
16
README.md
16
README.md
|
@ -8,7 +8,7 @@ sqlmap is an open source penetration testing tool that automates the process of
|
|||
* Full support for six SQL injection techniques: **boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band**.
|
||||
* Support to **directly connect to the database** without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
|
||||
* Support to enumerate **database users, users' password hashes, users' privileges, users' roles, databases, tables and columns**.
|
||||
* Automatic recognition of password hashes format and support to **crack them with a dictionary-based attack**.
|
||||
* Automatic recognition of password hash formats and support for **cracking them using a dictionary-based attack**.
|
||||
* Support to **dump database tables** entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
|
||||
* Support to **search for specific database names, specific tables across all databases or specific columns across all databases' tables**. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
|
||||
* Support to **download and upload any file** from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
|
||||
|
@ -31,13 +31,13 @@ This is strongly recommended before reporting any bug to the [mailing list](#mai
|
|||
|
||||
* sqlmap [user's manual](https://github.com/sqlmapproject/sqlmap/raw/master/doc/README.pdf).
|
||||
* sqlmap [ChangeLog](https://raw.github.com/sqlmapproject/sqlmap/master/doc/ChangeLog).
|
||||
* *SQL injection: Not only AND 1=1* [slides](http://www.slideshare.net/inquis/sql-injection-not-only-and-11-updated) presented by Bernardo at the 2nd Digital Security Forum in Lisbon (Portugal) on June 27, 2009.
|
||||
* *Advanced SQL injection to operating system full control* [whitepaper](http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857) and [slides](http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides) presented by Bernardo at [Black Hat Europe 2009](https://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html) in Amsterdam (The Netherlands) on April 16, 2009.
|
||||
* *Expanding the control over the operating system from the database* [slides](http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database) presented by Bernardo at [SOURCE Conference](http://www.sourceconference.com/archive/) 2009 in Barcelona (Spain) on September 21, 2009.
|
||||
* *Got database access? Own the network!* [slides](http://www.slideshare.net/inquis/ath-con-2010bernardodamelegotdbownnet) presented by Bernardo at [AthCon 2010](http://www.athcon.org/archive.php) in Athens (Greece) on June 3, 2010.
|
||||
* *sqlmap - security development in python* [slides](http://www.slideshare.net/stamparm/euro-python-2011miroslavstamparsqlmapsecuritydevelopmentinpython) presented by Miroslav at [EuroPython 2011](http://ep2011.europython.eu/) in Firenze (Italy) on June 23, 2011.
|
||||
* *It all starts with the ' (SQL injection from attacker's point of view)* [slides](http://www.slideshare.net/stamparm/f-sec-2011miroslavstamparitallstartswiththesinglequote-9311238) presented by Miroslav at [FSec - FOI Security Symposium](http://fsec.foi.hr/) in Varazdin (Croatia) on September 23, 2011.
|
||||
* *DNS exfiltration using sqlmap* [slides](http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281) and accompaining [whitepaper](http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper) titled *Data Retrieval over DNS in SQL Injection Attacks* presented by Miroslav at [PHDays 2012](http://www.phdays.com/) in Moscow (Russia) on May 31, 2012.
|
||||
* *SQL injection: Not only AND 1=1* [slides](http://www.slideshare.net/inquis/sql-injection-not-only-and-11-updated) presented by Bernardo at the 2nd Digital Security Forum in Lisbon (Portugal) on June 27th, 2009.
|
||||
* *Advanced SQL injection to operating system full control* [whitepaper](http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857) and [slides](http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides) presented by Bernardo at [Black Hat Europe 2009](https://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html) in Amsterdam (The Netherlands) on April 16th, 2009.
|
||||
* *Expanding the control over the operating system from the database* [slides](http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database) presented by Bernardo at [SOURCE Conference](http://www.sourceconference.com/archive/) 2009 in Barcelona (Spain) on September 21st, 2009.
|
||||
* *Got database access? Own the network!* [slides](http://www.slideshare.net/inquis/ath-con-2010bernardodamelegotdbownnet) presented by Bernardo at [AthCon 2010](http://www.athcon.org/archive.php) in Athens (Greece) on June 3rd, 2010.
|
||||
* *sqlmap - security development in python* [slides](http://www.slideshare.net/stamparm/euro-python-2011miroslavstamparsqlmapsecuritydevelopmentinpython) presented by Miroslav at [EuroPython 2011](http://ep2011.europython.eu/) in Firenze (Italy) on June 23rd, 2011.
|
||||
* *It all starts with the ' (SQL injection from attacker's point of view)* [slides](http://www.slideshare.net/stamparm/f-sec-2011miroslavstamparitallstartswiththesinglequote-9311238) presented by Miroslav at [FSec - FOI Security Symposium](http://fsec.foi.hr/) in Varazdin (Croatia) on September 23rd, 2011.
|
||||
* *DNS exfiltration using sqlmap* [slides](http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281) and accompanying [whitepaper](http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper) titled *Data Retrieval over DNS in SQL Injection Attacks* presented by Miroslav at [PHDays 2012](http://www.phdays.com/) in Moscow (Russia) on May 31st, 2012.
|
||||
|
||||
# Mailing list
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user