# Individuals Andres Tarasco Acuna, * for suggesting a feature Santiago Accurso, * for reporting a bug Zaki Akhmad, * for suggesting a couple of features Olu Akindeinde, * for reporting a couple of bugs David Alvarez, * for reporting a bug Sergio Alves, * for reporting a bug Thomas Anderson, * for reporting a bug Chip Andrews, * for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site Smith Andy, * for suggesting a feature Otavio Augusto, * for reporting a minor bug Simon Baker, * for reporting some bugs Ryan Barnett, * for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html Emiliano Bazaes, * for reporting a minor bug Daniele Bellucci, * for starting sqlmap project and developing it between July and August 2006 Sebastian Bittig, and the rest of the team at r-tec IT Systeme GmbH * for contributing the DB2 support initial patch: fingerprint and enumeration Anthony Boynes, * for reporting several bugs Marcelo Toscani Brandao * for reporting a bug Velky Brat, * for suggesting a minor enhancement to the bisection algorithm James Briggs, * for suggesting a minor enhancement Gianluca Brindisi, * for reporting a couple of bugs Jack Butler, * for contributing the sqlmap site favicon Ulisses Castro, * for reporting a bug Roberto Castrogiovanni, * for reporting a minor bug Cesar Cerrudo, * for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf Karl Chen, * for contributing the initial multi-threading patch for the inference algorithm Y P Chien, * for reporting a minor bug Pierre Chifflier, and Mark Hymers, * for uploading and accepting the sqlmap Debian package to the official Debian project repository Chris Clements, * for reporting a couple of bugs John Cobb, * for reporting a minor bug Andreas Constantinides, * for reporting a minor bug Andre Costa, * for reporting a minor bug * for suggesting a minor enhancement Ulises U. Cune, * for reporting a bug Alessandro Curio, * for reporting a minor bug Alessio Dalla Piazza, * for reporting a couple of bugs Sherif El-Deeb, * for reporting a minor bug Stefano Di Paola, * for suggesting good features Mosk Dmitri, * for reporting a minor bug Meng Dong, * for contributing a code for Waffit integration Carey Evans, * for his fcrypt module that allows crypt(3) support on Windows platforms Shawn Evans, * for suggesting an idea for one tamper script, greatest.py Adam Faheem, * for reporting a few bugs James Fisher, * for contributing two very good feature requests * for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster Jim Forster, * for reporting a bug Rong-En Fan, * for commiting the sqlmap 0.5 port to the official FreeBSD project repository Giorgio Fedon, * for suggesting a speed improvement for bisection algorithm * for reporting a bug when running against Microsoft SQL Server 2005 Kasper Fons, * for reporting several bugs Jose Fonseca, * for his Gprof2Dot utility for converting profiler output to dot graph(s) and for his XDot utility to render nicely dot graph(s), both included in sqlmap tree inside extra folder. These libraries are used for sqlmap development purposes only http://code.google.com/p/jrfonseca/wiki/Gprof2Dot http://code.google.com/p/jrfonseca/wiki/XDot Alan Franzoni, * for helping me out with Python subprocess library Harold Fry, * for suggesting a minor enhancement Daniel G. Gamonal, * for reporting a minor bug Marcos Mateos Garcia, * for reporting a minor bug Andrew Gecse, * for reporting a minor issue Ivan Giacomelli, * for reporting a bug * for suggesting a minor enhancement * for reviewing the documentation Nico Golde, * for reporting a couple of bugs Oliver Gruskovnjak, * for reporting a bug * for contributing a minor patch Davide Guerri, * for suggesting an enhancement Dan Guido, * for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/ David Guimaraes, * for reporting considerable amount of bugs * for suggesting several features Chris Hall, * for coding the prettyprint.py library Tate Hansen, * for donating to sqlmap development Mario Heiderich, Christian Matthies, Lars H. Strojny, * for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org Kristian Erik Hermansen, * for reporting a bug * for donating to sqlmap development Alexander Hagenah, * for reporting a minor bug Dennis Hecken, * for reporting a minor bug Choi Ho, * for reporting a minor bug Jorge Hoya, * for suggesting a minor enhancement Will Holcomb, * for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code Daniel Huckmann, * for reporting a couple of bugs Daliev Ilya, * for reporting a bug Jovon Itwaru, * for reporting a minor bug Prashant Jadhav, * for reporting a bug Dirk Jagdmann, * for reporting a typo in the documentation Luke Jahnke, * for reporting a bug when running against MySQL < 5.0 David Klein, * for reporting a minor code improvement Sven Klemm, * for reporting two minor bugs with PostgreSQL Anant Kochhar, * for providing with feedback on the user's manual Dmitriy Kononov, * for reporting a minor bug Alexander Kornbrust, * for reporting a couple of bugs Krzysztof Kotowicz, * for reporting a minor bug Nicolas Krassas, * for reporting a couple of bugs Oliver Kuckertz, * for contributing a minor patch Alex Landa, * for contributing a patch adding beta support for XML output Guido Landi, * for reporting a couple of bugs * for the great technical discussions * for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development * for presenting with me at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009 Lee Lawson, * for reporting a minor bug John J. Lee, and others * for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified Nico Leidecker, * for providing with feedback on a few features * for reporting a couple of bugs * for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip Gabriel Lima, * for reporting a couple of bugs Svyatoslav Lisin, * for suggesting a minor feature Miguel Lopes, * for reporting a minor bug Truong Duc Luong, * for reporting a minor bug Pavol Luptak, * for reporting a bug when injecting on a POST data parameter Till Maas, * for suggesting a minor feature Michael Majchrowicz, * for extensively beta-testing sqlmap on various MySQL DBMS * for providing really appreciated feedback * for suggesting a lot of ideas and features Ahmad Maulana, * for contributing one tamper script, halfversionedmorekeywords.py Ferruh Mavituna, * for exchanging ideas on the implementation of a couple of features David McNab, * for his XMLObject module that allows XML files to be operated on like Python objects Spencer J. McIntyre, * for reporting a minor bug * for contributing a patch for OS fingerprinting on DB2 Brad Merrell, * for reporting a minor bug Michael Meyer, * for suggesting a minor feature Enrico Milanese, * for reporting a minor bug * for sharing some ideas for the PHP backdoor Liran Mimoni, * for reporting a minor bug Marco Mirandola, * for reporting a minor bug Devon Mitchell, * for reporting a minor bug Anton Mogilin, * for reporting a few bugs Sergio Molina, * for reporting a minor bug Anastasios Monachos, * for providing some useful data * for suggesting a feature * for reporting a couple of bugs Kirill Morozov, * for reporting a bug * for suggesting a feature Alejo Murillo Moya, * for reporting a minor bug * for suggesting a few features Yonny Mutai, * for reporting a minor bug Roberto Nemirovsky, * for pointing me out some enhancements Simone Onofri, * for patching the PHP web backdoor to make it work properly also on Windows Michele Orru, * for reporting a couple of bug * for suggesting ideas on how to implement the RESTful API Shaohua Pan, * for reporting several bugs * for suggesting a few features Antonio Parata, * for sharing some ideas for the PHP backdoor Adrian Pastor, * for donating to sqlmap development Christopher Patten, * for reporting a bug in the blind SQL injection bisection algorithm Zack Payton, * for reporting a minor bug Jaime Penalba, * for contributing a patch for INSERT/UPDATE generic boundaries Pedrito Perez, <0ark1ang3l@gmail.com> * for reporting a couple of bugs Brandon Perry, * for reporting a couple of bugs Travis Phillips, * for suggesting a minor enhancement Mark Pilgrim, * for porting chardet package (Universal Encoding Detector) to Python Steve Pinkham, * for suggesting a feature * for contributing a new SQL injection vector (MSSQL time-based blind) * for donating to sqlmap development Adam Pridgen, * for suggesting some features Luka Pusic, * for reporting a couple of bugs Ole Rasmussen, * for reporting a bug * for suggesting a feature Alberto Revelli, * for inspiring me to write sqlmap user's manual in SGML * for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net David Rhoades, * for reporting a bug Andres Riancho, * for beta-testing sqlmap * for reporting a bug and suggesting some features * for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net * for suggesting a way for handling DNS caching Jamie Riden, * for reporting a minor bug Alexander Rigbo, * for contributing a minor patch Antonio Riva, * for reporting a bug when running with python 2.5 Ethan Robish, * for reporting a bug Levente Rog, * for reporting a minor bug Andrea Rossi, * for reporting a minor bug * for suggesting a feature Frederic Roy, * for reporting a couple of bugs Vladimir Rutsky, * for suggesting a couple of minor enhancements Richard Safran, * for donating the sqlmap.org domain Tomoyuki Sakurai, * for submitting to the FreeBSD project the sqlmap 0.5 port Roberto Salgado, * for contributing considerable amount of tamper scripts Pedro Jacques Santos Santiago, * for reporting considerable amount of bugs Marek Sarvas, * for reporting several bugs Philippe A. R. Schaeffer, * for reporting a minor bug Mohd Zamiri Sanin, * for reporting a minor bug Jorge Santos, * for reporting a minor bug Sven Schluter, * for contributing a patch * for waiting a number of seconds between each HTTP request Ryan Sears, * for suggesting a couple of enhancements * for donating to sqlmap development Uemit Seren, * for reporting a minor adjustment when running with python 2.6 Shane Sewell, * for suggesting a feature Ahmed Shawky, * for reporting a major bug with improper handling of parameter values * for reporting a bug Brian Shura, * for reporting a bug Sumit Siddharth, * for sharing ideas on the implementation of a couple of features Andre Silva, * for reporting a bug Benjamin Silva H. * for reporting a bug Duarte Silva * for reporting a couple of bugs M Simkin, * for suggesting a feature Konrads Smelkovs, * for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server Chris Spencer, * for reviewing the user's manual grammar Michael D. Stenner, * for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections Marek Stiefenhofer, * for reporting a few bugs Jason Swan, * for reporting a bug when enumerating columns on Microsoft SQL Server * for suggesting a couple of improvements Chilik Tamir, * for contributing a patch for initial support SOAP requests Alessandro Tanasi, * for extensively beta-testing sqlmap * for suggesting many features and reporting some bugs * for reviewing the documentation Andres Tarasco, * for contributing good feedback Tom Thumb, * for reporting a major bug Kazim Bugra Tombul, * for reporting a minor bug Efrain Torres, * for helping me out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository * for his great Metasploit WMAP Framework Sandro Tosi, * for helping to create sqlmap Debian package correctly Jacco van Tuijl, * for reporting several bugs Vitaly Turenko, * for reporting a bug Augusto Urbieta, * for reporting a minor bug Bedirhan Urgun, * for reporting a few bugs * for suggesting some features and improvements * for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench Kyprianos Vasilopoulos, * for reporting a couple of minor bugs Vlado Velichkovski, * for reporting considerable amount of bugs * for suggesting an enhancement Johnny Venter, * for reporting a couple of bugs Carlos Gabriel Vergara, * for suggesting couple of good features Patrick Webster, * for suggesting an enhancement Ed Williams, * for suggesting a minor enhancement Anthony Zboralski, * for providing with detailed feedback * for reporting a few minor bugs * for donating to sqlmap development Thierry Zoller, * for reporting a couple of major bugs Zhen Zhou, * for suggesting a feature -insane-, * for reporting a minor bug 1ndr4 joe, * for reporting a couple of bugs abc abc, * for reporting a minor bug Abuse 007, * for reporting a bug Alex, * for reporting a minor bug anonymous anonymous, * for reporting a couple of bugs bamboo, * for reporting a couple of bugs Brandon E., * for reporting a bug black zero, * for reporting a minor bug blueBoy, * for reporting a bug buawig, * for reporting considerable amount of bugs Bugtrace, * for reporting several bugs cats, * for reporting a couple of bugs Christian S, * for reporting a minor bug clav, * for reporting a minor bug dragoun dash, * for reporting a minor bug fufuh, * for reporting a bug when running on Windows Hans Wurst, * for reporting a couple of bugs james, * for reporting a bug Joe "Pragmatk", * for reporting a few bugs John Smith, * for reporting several bugs * for suggesting some features m4l1c3, * for reporting considerable amount of bugs mariano, * for reporting a bug mitchell, * for reporting a few bugs Nadzree, * for reporting a minor bug nightman, * for reporting considerable amount of bugs Oso Dog osodog123@yahoo.com * for reporting a minor bug pacman730, * for reporting a bug pentestmonkey, * for reporting several bugs * for suggesting a few minor enhancements Phat R., * for reporting a few bugs Phil P, <@superevr> * for suggesting a minor enhancement ragos, * for reporting a minor bug rmillet, * for reporting a bug Rub3nCT, * for reporting a minor bug shiftzwei, * for reporting a couple of bugs smith, * for reporting a minor bug Soma Cruz, * for reporting a minor bug Stuffe, * for reporting a minor bug and a feature request Sylphid, * for suggesting some features syssecurity.info, * for reporting a minor bug This LittlePiggy, * for reporting a minor bug ToR, * for reporting considerable amount of bugs * for suggesting a feature ultramegaman, * for reporting a minor bug Vinicius, * for reporting a minor bug wanglei, * for reporting a minor bug warninggp, * for reporting a few minor bugs x, * for reporting a bug zhouhx, * for contributing a minor patch # Organizations Black Hat team, * for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation * Homepage: http://goo.gl/BKfs7 * Slides: http://goo.gl/Dh65t * White paper: http://goo.gl/spX3N SOURCE Conference team, * for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation * Homepage: http://goo.gl/IeXV4 * Slides: http://goo.gl/OKnfj AthCon Conference team, * for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation * Homepage: http://goo.gl/Fs71I * Slides: http://goo.gl/QMfjO Metasploit Framework development team, * for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server * Homepage: http://www.metasploit.com OWASP Board, * for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007 * Homepage: http://www.owasp.org