

SQLMap 0.7 – SQL Injection Tool


SQLMap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.

  • Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, and dump entire or user-specified DBMS tables/columns.
  • The user can also run their own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, and establish an out-of-band stateful connection between the attack box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or an SMB relay attack, and more.
  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems.
  • Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries. SQLMap can also test for time-based blind SQL injection.
  • HTTP Cookie header string support.
  • HTTP Basic and Digest Authentications support.
  • Anonymous HTTP proxy support to pass requests to the target URL; this also works with HTTPS requests.
  • Estimated time of arrival support for each query.
  • Bypass of the PHP magic_quotes_gpc setting by encoding every query string that sits between single quotes with CHAR or a similar database management system function.
  • For a detailed feature list, visit the official documentation here
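
The magic_quotes_gpc item in the list above is the reason quote escaping is not a defence against SQL injection. The following is an added example, not code from SQLMap or from the original post: it compares an escaped, concatenated query with a bound parameter. It assumes SQLite in place of MySQL, a hypothetical `users` table, a simplified `magic_quotes` stand-in for the PHP setting, and constructed sample inputs.

```python
import sqlite3

def magic_quotes(value: str) -> str:
    """Simplified stand-in (assumption) for PHP magic_quotes_gpc: backslash-escape quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def make_db() -> sqlite3.Connection:
    """Hypothetical two-row table used only for this demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "admin")])
    return conn

def lookup_escaped(conn: sqlite3.Connection, raw_id: str) -> list:
    """Weak pattern: escape quotes, then concatenate into a numeric context."""
    sql = "SELECT name FROM users WHERE id = " + magic_quotes(raw_id)
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError:
        return []  # the escaped quotes broke the statement

def lookup_bound(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened pattern: the input is bound as data and never parsed as SQL."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE id = ?", (raw_id,))]

# Constructed inputs: the same condition written with quotes and with char() codes.
QUOTED = "0 OR name = 'admin'"
ENCODED = "0 OR name = char(97,100,109,105,110)"

if __name__ == "__main__":
    db = make_db()
    for label, value in [("plain id", "1"), ("quoted", QUOTED), ("char-encoded", ENCODED)]:
        print(f"{label:13} escaped={lookup_escaped(db, value)} bound={lookup_bound(db, value)}")
```

The escaping layer stops only the quoted form; the char-encoded form contains no quotes to escape, so the concatenated query still returns the extra row, while the bound query returns nothing for either input.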

Download from sourceforge.net

Operating system independent package here

RPM Package here

Debian Package here

Windows Executable here

Posted in Web Application Security.
