sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor adjustment to README file

Browse Source
This commit is contained in:
Bernardo Damele 2012-06-27 10:37:18 +01:00
parent 7780a76848
commit 397b7758e3
1 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
README.md
View File

@ -16,6 +16,29 @@ sqlmap is an open source penetration testing tool that automates the process of
* Support to **establish an out-of-band stateful TCP connection between the attacker machine and the database server** underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
* Support for **database process' user privilege escalation** via Metasploit's Meterpreter `getsystem` command.
# Documentation
* sqlmap (user's manual)[https://github.com/sqlmapproject/sqlmap/raw/master/doc/README.pdf].
* sqlmap (ChangeLog)[https://raw.github.com/sqlmapproject/sqlmap/master/doc/ChangeLog].
* *SQL injection: Not only AND 1=1* (slides)[http://www.slideshare.net/inquis/sql-injection-not-only-and-11-updated] presented by Bernardo at the 2nd Digital Security Forum in Lisbon (Portugal) on June 27, 2009.
* **Advanced SQL injection to operating system full control** (whitepaper)[http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857] and (slides)[http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides] presented by Bernardo at (Black Hat Europe 2009)[https://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html] in Amsterdam (The Netherlands) on April 16, 2009.
* **Expanding the control over the operating system from the database** (slides)[http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database] presented by Bernardo at (SOURCE Conference)[http://www.sourceconference.com/archive/] 2009 in Barcelona (Spain) on September 21, 2009.
* **Got database access? Own the network!** (slides)[http://www.slideshare.net/inquis/ath-con-2010bernardodamelegotdbownnet] presented by Bernardo at (AthCon 2010)[http://www.athcon.org/archive.php] in Athens (Greece) on June 3, 2010.
* **sqlmap - security development in python** (slides)[http://www.slideshare.net/stamparm/euro-python-2011miroslavstamparsqlmapsecuritydevelopmentinpython] presented by Miroslav at (EuroPython 2011)[http://ep2011.europython.eu/] in Firenze (Italy) on June 23, 2011.
* **It all starts with the ' (SQL injection from attacker's point of view)** (slides)[http://www.slideshare.net/stamparm/f-sec-2011miroslavstamparitallstartswiththesinglequote-9311238] presented by Miroslav at (FSec - FOI Security Symposium)[http://fsec.foi.hr/] in Varazdin (Croatia) on September 23, 2011.
* **DNS exfiltration using sqlmap** (slides)[http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281] and accompaining (whitepaper)[http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper] titled **Data Retrieval over DNS in SQL Injection Attacks** presented by Miroslav at (PHDays 2012)[http://www.phdays.com/] in Moscow (Russia) on May 31, 2012.
# Download
You can download the latest tarball by clicking (here)[https://github.com/sqlmapproject/sqlmap/tarball/master].
Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
```
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
```
This is strongly recommended before reporting any bug to the [mailing list](#mailing-list).
# Mailing list
The **sqlmap-users@lists.sourceforge.net** mailing list is the preferred way to ask questions, report bugs, suggest new features and discuss with other users, [contributors](https://github.com/sqlmapproject/sqlmap/blob/master/doc/THANKS) and the [developers](#developers). To subscribe use the [online web form](https://lists.sourceforge.net/lists/listinfo/sqlmap-users).
@ -28,6 +51,16 @@ The mailing list is archived online on [SourceForge](http://sourceforge.net/mail
You can contact the development team by writing to dev@sqlmap.org.
# Contribute
We are constantly seeking for people who can write some clean Python code, are up to do security research, know about web application security, database assessment and takeover, software refactoring and are motivated to join the development team.
If this sounds interesting to you, send us your (pull requests)[https://github.com/sqlmapproject/sqlmap/pulls]!
# Donate
sqlmap is the result of numerous hours of passionated work from a small team of computer security enthusiasts. If you appreciated our work and you want to see sqlmap kept being developed, please consider making a small donation to our efforts.
# License
sqlmap is released under the terms of the [General Public License v2](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html).<BR>