mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-01-12 11:41:05 +03:00
145 lines
7.5 KiB
Markdown
145 lines
7.5 KiB
Markdown
# sqlmap 
|
|
|
|
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
|
|
|
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
|
|
|
|
Screenshots
|
|
----
|
|
|
|
|
|
|
|
You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of the features on the wiki.
|
|
|
|
Installation
|
|
----
|
|
|
|
You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking [here](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
|
|
|
Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
|
|
|
|
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
|
|
|
sqlmap works out of the box with [Python](https://www.python.org/download/) version **2.7** and **3.x** on any platform.
|
|
|
|
Usage
|
|
----
|
|
|
|
### SQLMap CLI - Beautiful Automated Testing 🎨
|
|
|
|
**NEW**: We now have a beautiful CLI wrapper that automates comprehensive SQL injection testing in a single command!
|
|
|
|
#### Quick Start
|
|
|
|
Install dependencies:
|
|
```bash
|
|
pip install -r requirements.txt
|
|
```
|
|
|
|
#### Examples
|
|
|
|
**Quick scan** (default settings):
|
|
```bash
|
|
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
|
|
```
|
|
|
|
**Comprehensive scan** (tests all risk and level combinations):
|
|
```bash
|
|
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
|
|
```
|
|
|
|
**Custom level and risk**:
|
|
```bash
|
|
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2
|
|
```
|
|
|
|
**Interactive mode**:
|
|
```bash
|
|
python sqlmapcli.py --interactive
|
|
```
|
|
*Interactive mode now prompts for POST data/body, supporting both JSON and form data.*
|
|
|
|
#### Features
|
|
|
|
✨ **Beautiful output** with Rich library - panels, tables, progress bars
|
|
⚡ **One-line comprehensive testing** - test all risk/level combinations automatically
|
|
📊 **Clear result summaries** - vulnerability tables with color-coded findings
|
|
🎯 **Interactive mode** - guided prompts for easy testing, including POST data support
|
|
⏱️ **Progress tracking** - see exactly what's being tested in real-time
|
|
|
|
#### CLI Options
|
|
|
|
```
|
|
-u, --url Target URL
|
|
--comprehensive Run all risk/level combinations (1-3 risk, 1-5 levels)
|
|
--level {1-5} Test level (default: 1)
|
|
--risk {1-3} Test risk (default: 1)
|
|
--max-level {1-5} Maximum level for comprehensive scan
|
|
--max-risk {1-3} Maximum risk for comprehensive scan
|
|
--technique SQL injection techniques (default: BEUSTQ)
|
|
--data POST data string (JSON or form data)
|
|
--raw Show raw sqlmap output (bypasses formatting)
|
|
--verbose {0-6} Sqlmap verbosity level (default: 1)
|
|
-i, --interactive Interactive mode
|
|
```
|
|
|
|
**Note**: Use `--raw` flag to see the exact same output as running sqlmap directly. This ensures you get all details that sqlmap provides without any formatting or parsing.
|
|
|
|
---
|
|
|
|
### Original SQLMap Usage
|
|
|
|
To get a list of basic options and switches use:
|
|
|
|
python sqlmap.py -h
|
|
|
|
To get a list of all options and switches use:
|
|
|
|
python sqlmap.py -hh
|
|
|
|
You can find a sample run [here](https://asciinema.org/a/46601).
|
|
To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
|
|
|
Links
|
|
----
|
|
|
|
* Homepage: https://sqlmap.org
|
|
* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
|
* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
|
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
|
|
* User's manual: https://github.com/sqlmapproject/sqlmap/wiki
|
|
* Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
|
* X: [@sqlmap](https://x.com/sqlmap)
|
|
* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
|
* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
|
|
|
Translations
|
|
----
|
|
|
|
* [Arabic](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ar-AR.md)
|
|
* [Bengali](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bn-BD.md)
|
|
* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
|
|
* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
|
|
* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
|
|
* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)
|
|
* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
|
|
* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)
|
|
* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md)
|
|
* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
|
|
* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md)
|
|
* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
|
|
* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
|
|
* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
|
|
* [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md)
|
|
* [Kurdish (Central)](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ckb-KU.md)
|
|
* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
|
|
* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
|
|
* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
|
|
* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md)
|
|
* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
|
|
* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md)
|
|
* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
|
|
* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
|
|
* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)
|
|
* [Vietnamese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-vi-VN.md)
|