sqlmap - Frequently Asked Questions <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar"> <date>March 10, 2011 <abstract> This document contains frequently asked questions for <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">. </abstract> <toc> <sect>Frequently Asked Questions <sect1>What is sqlmap? <p> sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. <sect1>How do I execute sqlmap? <p> If you are running on a Unix/Linux system type the following command from a terminal: <tscreen><verb> python sqlmap.py -h </verb></tscreen> <p> If you are running on a Windows system type the following command from a terminal: <tscreen><verb> C:\Python26\python.exe sqlmap.py -h </verb></tscreen> <p> Where <tt>C:\Python26</tt> is the path where you installed <htmlurl url="http://www.python.org" name="Python"> <bf>>= 2.6</bf>. <sect1>Can I integrate sqlmap with a security tool I am developing? <p> Yes. sqlmap is released under the terms of the GPLv2, which means that any derivative work must be distributed without further restrictions on the rights granted by the GPL itself. If this constitutes a problem, feel free to contact us so we can find a solution. <sect1>How can I integrate sqlmap with my own tool? <p> TODO <sect1>Will you support other database management systems? <p> Yes. There are plans to support also IBM DB2, Informix and Ingres at some point. <sect1>How can I occasionally contribute? <p> All help is greatly appreciated. First of all download the tool, make sure you are running the latest development version from the Subversion repository, read the user's manual carefully, have fun with it during your penetration tests. If you find bugs or have ideas for possible improvements, feel free to <htmlurl url="http://sqlmap.sourceforge.net/#ml" name="get in touch on the mailing list">. Many people have <htmlurl url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS" name="contributed"> in different ways to the sqlmap development. <bf>You</bf> can be the next! <sect1>Can I actively contribute in the long-term development? <p> Yes, we are looking for people who can write some clean Python code, are up to do security research, know about web application security, database assessment and takeover, software refactoring and are motivated to join the development team. If this sounds interesting to you, <htmlurl url="http://sqlmap.sourceforge.net/#developers" name="get in touch">! <sect1>How can I support the development? <p> If you think that sqlmap is a great tool, it really played well during your penetration tests, or you simply like it, you, or your boss, can <htmlurl url="http://sqlmap.sourceforge.net/#donate" name="donate some money"> to the developers via PayPal. <sect1>Can you hack a site for me? <p> <bf>No</bf>. <sect1>How sqlmap decides this and that? <p> TODO </article>