SQLMap

VERIFIED

Automatic SQL injection detection and exploitation tool

Exploitation FrameworksOSS

Intermediate

LinuxWindowsmacOS

Description

SQLMap is the premier open-source tool for detecting and exploiting SQL injection vulnerabilities. It supports all major database backends including MySQL, PostgreSQL, Oracle, MSSQL, and SQLite. Its features include database fingerprinting, data extraction, file system access, OS command execution, and out-of-band techniques for comprehensive database server takeover.

Use Cases

Automated SQL injection detection and exploitation
Database enumeration and data extraction
OS-level command execution through SQL injection

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1190Exploit Public-Facing Application

Related Tools (3)

Nmap Nuclei BeEF