Table of Contents
Dependencies
sqlmap is developed in Python, a dynamic, object-oriented, interpreted programming language freely available from http://python.org/download/. This makes sqlmap a cross-platform application which is independant of the operating system. sqlmap requires Python version 2.6, 2.7 or 3.x. To make it even easier, many GNU/Linux distributions come out of the box with Python installed. Other Unixes and Mac OSX also provide Python packaged and ready to be installed. Windows users can download and install the Python installer for x86, AMD64 and Itanium.
sqlmap relies on the Metasploit Framework for some of its post-exploitation takeover features. You can grab a copy of the framework from the download page - the required version is 3.5 or higher. For the ICMP tunneling out-of-band takeover technique, sqlmap requires the Impacket library too.
If you are willing to connect directly to a database server (switch -d
), without passing through the web application, you need to install Python bindings for the database management system that you are going to attack:
- DB2: python ibm-db
- Firebird: python-kinterbasdb
- Microsoft Access: python-pyodbc
- Microsoft SQL Server: python-pymssql
- MySQL: python pymysql
- Oracle: python cx_Oracle
- PostgreSQL: python-psycopg2
- SQLite: python-pysqlite2
- Sybase: python-pymssql
If you plan to attack a web application behind a NTLM authentication you'll need to install python-ntlm library.
Optionally, if you are running sqlmap on Windows, you may wish to install the PyReadline library in order to take advantage of the sqlmap TAB completion and history support features in the SQL shell and OS shell. Note that these functionalities are available natively via the standard Python readline library on other operating systems.
Contents
User's manual
- Introduction - Introductory to sqlmap
- Techniques - SQLi techniques supported by sqlmap
- Features - Brief list of supported features
- Download and update - Keep your copy up-to-date
- Dependencies - Information about used third-party libraries and tools
- History - History from 2006 to 2024
- Usage - Exhaustive breakdown of all options and switches together with examples
- License - Copyright information
Miscellaneous
- FAQ - Frequently Asked Questions
- Presentations - Materials from sqlmap team presented at conferences
- Screenshots - Collection of screenshots demonstrating some of features
- Third party libraries - Detailed information about third-party libraries and tools used by sqlmap