sqlmap
Automatic SQL injection and database takeover tool

sqlmap is an open source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications. It supports a wide range of database management systems and SQL injection techniques, and can perform actions such as database fingerprinting, data extraction, file system access, and OS command execution. The tool is available via Git clone or direct download and is licensed under the GNU GPL v2.
sqlmap automates the process of detecting SQL injection flaws using multiple injection techniques and a powerful detection engine, then exploits them to extract data or gain control of the database server.
Security researchers and penetration testers
Background.
- Status
- launched
- Business model
- open-source
- Launched
- 2006
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.