mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-23 01:56:36 +03:00
111 lines
3.4 KiB
Plaintext
111 lines
3.4 KiB
Plaintext
<!doctype linuxdoc system>
|
|
|
|
<article>
|
|
|
|
<title>sqlmap - Frequently Asked Questions
|
|
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">,
|
|
<htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
|
|
<date>March 10, 2011
|
|
<abstract>
|
|
This document contains frequently asked questions for <htmlurl
|
|
url="http://sqlmap.sourceforge.net" name="sqlmap">.
|
|
</abstract>
|
|
|
|
<toc>
|
|
|
|
<sect>Frequently Asked Questions
|
|
|
|
<sect1>What is sqlmap?
|
|
|
|
<p>
|
|
sqlmap is an open source penetration testing tool that automates the
|
|
process of detecting and exploiting SQL injection flaws and taking over
|
|
of database servers. It comes with a kick-ass detection engine, many niche
|
|
features for the ultimate penetration tester and a broad range of switches
|
|
lasting from database fingerprinting, over data fetching from the
|
|
database, to accessing the underlying file system and executing commands
|
|
on the operating system via out-of-band connections.
|
|
|
|
<sect1>How do I execute sqlmap?
|
|
|
|
<p>
|
|
If you are running on a Unix/Linux system type the following command
|
|
from a terminal:
|
|
<tscreen><verb>
|
|
python sqlmap.py -h
|
|
</verb></tscreen>
|
|
|
|
<p>
|
|
If you are running on a Windows system type the following command
|
|
from a terminal:
|
|
<tscreen><verb>
|
|
C:\Python26\python.exe sqlmap.py -h
|
|
</verb></tscreen>
|
|
|
|
<p>
|
|
Where <tt>C:\Python26</tt> is the path where you installed <htmlurl
|
|
url="http://www.python.org" name="Python"> <bf>>= 2.6</bf>.
|
|
|
|
<sect1>Can I integrate sqlmap with a security tool I am developing?
|
|
|
|
<p>
|
|
Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
|
derivative work must be distributed without further restrictions on the
|
|
rights granted by the GPL itself. If this constitutes a problem, feel free
|
|
to contact us so we can find a solution.
|
|
|
|
<sect1>How can I integrate sqlmap with my own tool?
|
|
|
|
<p>
|
|
TODO
|
|
|
|
<sect1>Will you support other database management systems?
|
|
|
|
<p>
|
|
Yes. There are plans to support also IBM DB2, Informix and Ingres at some
|
|
point.
|
|
|
|
<sect1>How can I occasionally contribute?
|
|
|
|
<p>
|
|
All help is greatly appreciated. First of all download the tool, make sure
|
|
you are running the latest development version from the Subversion
|
|
repository, read the user's manual carefully, have fun with it during your
|
|
penetration tests.
|
|
If you find bugs or have ideas for possible improvements, feel free to
|
|
<htmlurl url="http://sqlmap.sourceforge.net/#ml" name="get in touch on the
|
|
mailing list">. Many people have <htmlurl
|
|
url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS"
|
|
name="contributed"> in different ways to the sqlmap development.
|
|
<bf>You</bf> can be the next!
|
|
|
|
<sect1>Can I actively contribute in the long-term development?
|
|
|
|
<p>
|
|
Yes, we are looking for people who can write some clean Python code, are
|
|
up to do security research, know about web application security, database
|
|
assessment and takeover, software refactoring and are motivated to join
|
|
the development team.
|
|
If this sounds interesting to you, <htmlurl
|
|
url="http://sqlmap.sourceforge.net/#developers" name="get in touch">!
|
|
|
|
<sect1>How can I support the development?
|
|
|
|
<p>
|
|
If you think that sqlmap is a great tool, it really played well during
|
|
your penetration tests, or you simply like it, you, or your boss, can
|
|
<htmlurl url="http://sqlmap.sourceforge.net/#donate" name="donate
|
|
some money"> to the developers via PayPal.
|
|
|
|
<sect1>Can you hack a site for me?
|
|
|
|
<p>
|
|
<bf>No</bf>.
|
|
|
|
<sect1>How sqlmap decides this and that?
|
|
|
|
<p>
|
|
TODO
|
|
|
|
</article>
|