iGuRu


sqlmap: automatic process for detecting and exploiting SQL injection defects

03/07/2020 07:48 by Anastasis Vasileiadis

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection defects and retrieving server databases.


Features

  • Full support for the MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB database management systems.
  • Full support for five SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query and stacked queries.
  • Support for connecting directly to the database without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • It is possible to provide a single target URL, to get the list of targets from the request logs of the Burp proxy or the WebScarab proxy, to get the entire HTTP request from a text file, or to get the list of targets by providing sqlmap with a Google dork that queries Google and parses its results page. You can also define a regular-expression-based scope that determines which of the parsed addresses are tested.
  • Option to set the maximum number of concurrent HTTP(S) requests (multi-threading) to speed up the SQL injection techniques. Conversely, it is also possible to specify the number of seconds to wait between each HTTP(S) request.
  • Automatically handles the HTTP Set-Cookie header from the application, re-establishing the session if it expires. Testing and exploiting these values is also supported. Conversely, you can also ignore any Set-Cookie header.
  • Support for HTTP Basic, Digest, NTLM and certificate authentication.
  • HTTP(S) proxy support to pass requests to the target application, which also works with HTTPS requests and with authenticated proxies.
  • Options to spoof the HTTP Referer header value and the HTTP User-Agent header value, either user-defined or randomly selected from a text file.
  • Support for parsing HTML forms from the target URL and building HTTP(S) requests against those pages to test the form parameters for vulnerabilities.
  • Automatically saves the session (queries and their output, even if partially retrieved) to a text file in real time while fetching data, and resumes the injection by parsing the session file.
  • Support for replicating the back-end database structure and table entries in a local SQLite 3 database.
  • Option to update sqlmap to the latest development version from the subversion repository.
  • Support for parsing HTTP(S) responses and displaying any DBMS error message to the user.
  • Integration with open source IT security projects such as Metasploit and w3af.

You can download the program from here.
