The Sqlmap it is one penetration testing open source tool that automates the process of detecting and exploiting defects SQL injection and retrieving server databases.
Characteristics
- Full support for database management systems MySQL, Oracle , PostgreSQL , Microsoft SQL Server , Microsoft Access , IBM DB2 , SQLite , Firebird , Sybase , SAP MaxDB και HSQLDB .
- Full support for five SQL import techniques: boolean-based blind, time-based blind, error-based, UNION queryκαι stacked queries.
- Support for directly to the database without being done through SQL injection, providing DBMS credentials, IP address, port and database name.
- It is possible to provide a single target URL, get the target list from the request logs server of Burp or his server WebScarab , receive the entire HTTP request from a text file, or receive the list of targets by providing sqlmap a Google dork asking a question to Google and analyzes its results page. You can also define a field based on the regular expression used to specify the addresses to be parsed.
- Option to define it maximum number of HTTP (S) (multi-threading) requests to speed up techniques SQL injection. Conversely, it is also possible to specify the number of seconds between each HTTP request (S).
- Automatically manages HTTP header Set cookie from the application, restoring the session if it expires. Testing and operating at these prices is also supported. Conversely, you can also ignore any header Set cookie .
- HTTP protocol support Basic, Digest, NTLM and certificate .
- Support HTTP Proxy (S) for transmitting requests to the destination application that also works with HTTPS requests and certified proxies.
- Options for price falsification HTTP header Referer and price HTTP header set User Agent are user-defined or randomly selected from a text file.
- Support for analysis of HTML formsfrom the destination URL and create HTTP requests (S) on these pages to test form parameters for vulnerabilities.
- Automatically saves the session (queries and their output, even if partially retrieved) to a real-time text file when downloading data, and continues the injectionanalyzing the session file.
- Support for playback of back-end database structure and table entriesin a local SQLite 3 database.
- Option to update sqlmap in the latest development version from the subversion repository.
- Support for parsing HTTP (S) responses and displaying any DBMS error message to the user.
- Integration with open source IT security projects such as Metasploit and w3af .
You can download the program from here.
Spread the news
EncroChat encryption break leads to 746 arrests
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators