sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-09-20 11:02:27 +03:00
Code Issues Packages Projects Releases Wiki Activity
Automatic SQL injection and database takeover tool
10,323 Commits 2 Branches 129 Tags 114 MiB
Python 98.3%
C 0.6%
Shell 0.6%
HTML 0.3%
Perl 0.1%
6583472ccf
Go to file
User 6583472ccf Optimize Apache Doris detection with more reliable logic 
- Use VERSION()='5.7.99' as primary fingerprint (Apache Doris hardcoded value)
- Add dual verification: VERSION()='5.7.99' AND @@VERSION_COMMENT LIKE '%Doris%'
- Prioritize StarRocks detection to avoid confusion
- Provide fallback detection for restricted environments
- Based on official Doris documentation: version() always returns '5.7.99'

This implementation follows best practices:
1. StarRocks checked first (returns real versions like 5.1.0)
2. Combined verification for Apache Doris (5.7.99 + banner)
3. Fallback to version-only detection when VERSION_COMMENT inaccessible
4. Leverages the fact that MySQL never released version 5.7.99
2025-08-22 11:16:53 +08:00
.github Bump python-version for GitHub tests 2025-02-10 22:06:10 +01:00
data Fixes #5875 2025-08-19 11:31:57 +02:00
doc Commit related to the #5864 2025-07-25 13:19:46 +02:00
extra Patch for #5897 2025-05-08 23:54:39 +02:00
lib Merge branch 'sqlmapproject:master' into add-doris-support 2025-08-22 10:49:46 +08:00
plugins Optimize Apache Doris detection with more reliable logic 2025-08-22 11:16:53 +08:00
tamper Patch for #5897 2025-05-08 23:54:39 +02:00
thirdparty Getting rid of the codecs.open (python3.14) 2025-08-11 17:10:31 +02:00
.gitattributes Renaming Twitter to X 2024-03-01 13:08:03 +01:00
.gitignore Trivial update 2019-04-18 14:48:50 +02:00
LICENSE Year bump 2025-01-02 00:51:30 +01:00
README.md Commit related to the #5864 2025-07-25 13:19:46 +02:00
sqlmap.conf Adding switch --http1.0 2025-08-18 11:53:30 +02:00
sqlmap.py Fixes #5929 2025-07-13 23:54:17 +02:00
sqlmapapi.py Patch for #5897 2025-05-08 23:54:39 +02:00
sqlmapapi.yaml Trivial update 2021-07-23 11:04:30 +02:00

README.md

sqlmap

.github/workflows/tests.yml Python 2.6|2.7|3.x License x

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

Screenshots

Screenshot

You can visit the collection of screenshots demonstrating some of the features on the wiki.

Installation

You can download the latest tarball by clicking here or latest zipball by clicking here.

Preferably, you can download sqlmap by cloning the Git repository:

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

sqlmap works out of the box with Python version 2.6, 2.7 and 3.x on any platform.

Usage

To get a list of basic options and switches use:

python sqlmap.py -h

To get a list of all options and switches use:

python sqlmap.py -hh

You can find a sample run here. To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the user's manual.

Links

Translations