
Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them.
A powerful detection engine paired with a deep arsenal for the serious penetration tester — from fingerprinting the backend to measuring real risk by exploiting what it finds.
Two decades of real pentests and thousands of community bug reports across a vast range of technology stacks and edge cases have iteratively refined the detection engine to a high degree of accuracy.
Supported injection techniques: boolean-based blind, time-based blind, error-based, UNION query and stacked queries. Detection confirms the exact payload that exploits the flaw. See the techniques in detail.
Support for 40+ database backends — both traditional relational engines (MySQL, Oracle, PostgreSQL, SQL Server) and cloud data warehouses (Amazon Redshift, Snowflake, ClickHouse).
A robust engine for each backend's SQL dialect, with an active fingerprinting technique that identifies the database with precision.
Hunt down specific database names, tables across every database, or columns across every table: a fast way to surface the tables holding credentials and other sensitive data.
Exploiting and leveraging the injection measures risk in context — what the session user can actually reach. Enumerate the schema and exfiltrate the sensitive data within reach to show exactly what is at stake.
Read and write the underlying file system, execute commands on the operating system where the backend permits, and pivot further into the network — demonstrating true blast radius.
See the full feature list on the wiki.
A recorded sqlmap session — detection through exploitation, end to end.
Extensive usage documentation covers every option, switch and example.
Free and open for the community. A clean commercial license for companies embedding sqlmap into a proprietary product.