Sqlmap

sqlmap is free and open source software for automating the detection and exploitation of SQL injection flaws. It also has the ability to take over back-end database servers. To do this, sqlmap sends specially crafted data to the target host and then analyzes the responses. Apart from exploiting SQL injection vulnerabilities, sqlmap offers many other functions, such as dumping data, executing arbitrary commands and automatic recognition of password hashes.

Since sqlmap is developed in the Python programming language, it can run on almost all major platforms where Python can run. Major penetration testing distributions like BackTrack and Samurai Web Testing Framework come with sqlmap.

Generic features

 * Supports major database management systems including but not limited to MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB.
 * Incorporates five SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query and stacked queries.
 * Direct database connection facility, just like a SQL client.
 * A variety of methods to provide input, ranging from providing a single target URL to providing a Google dork which queries the Google search engine and parses its results page. It is also possible to use regular expressions to specify the scope of injection.
 * Ability to inject code at various entry points including GET parameters, POST parameters, HTTP Cookie header values, HTTP User-Agent header value and HTTP Referer header.
 * Multi-thread capability.
 * Ability to scan web applications which require authentication. This is usually done by supplying cookies externally.
 * Support for various certificate authentications.
 * Ability to fake the HTTP Referer header value and the HTTP User-Agent header value.
 * The user can select between seven levels of verbosity.
 * Ability to parse HTML forms.
 * Sessions are saved automatically and the scanning process can be resumed this way.
 * Ability to replicate the entire target database locally.
 * Ability to work with other IT security open source projects like Metasploit and w3af.
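
For defenders, the techniques and entry points in the list above indicate what to look for in web server logs. The following Python code is an added example, not part of sqlmap: it checks combined-format access-log lines for one heuristic signature per technique in the request target, Referer and User-Agent. The patterns, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Heuristic signatures, one per technique in the feature list above.
# They are assumptions made for this example, not sqlmap's payload set.
TECHNIQUES = {
    "boolean-based blind": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "time-based blind": re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "error-based": re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
    "UNION query": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "stacked queries": re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.I),
}

# Combined log format: request line, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def classify(line):
    """Return (field, finding) pairs for one access-log line."""
    match = LOG_RE.search(line)
    if match is None:
        return []
    hits = []
    for field, raw in match.groupdict().items():
        value = unquote_plus(raw)  # payloads arrive URL-encoded
        # The default User-Agent is a cheap signal, but it can be faked,
        # so the payload signatures below run on every field regardless.
        if field == "agent" and value.lower().startswith("sqlmap/"):
            hits.append((field, "default sqlmap User-Agent"))
        for name, pattern in TECHNIQUES.items():
            if pattern.search(value):
                hits.append((field, name))
    return hits

# Constructed sample lines (not captured traffic).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?id=3%20AND%204321%3D4321 HTTP/1.1" 200 512 "-" "sqlmap/1.0 (https://sqlmap.org)"',
    '127.0.0.1 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?id=3 HTTP/1.1" 200 512 "http://localhost/?x=1%20AND%20SLEEP(5)" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?id=3%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        print(number, classify(line))
```

Cookie values and POST bodies are not recorded in the combined log format, so covering those entry points requires additional logging.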

Basic commands

 * For target specifications:
   python sqlmap.py -u "< target URL >"
   e.g.: python sqlmap.py -u "http://localhost/index.php?id=3"
 * To list databases:
   python sqlmap.py -u "< target URL >" --dbs
 * Enumerate database table columns:
   python sqlmap.py -u "< target URL >" --columns -D -T -C
   e.g.: python sqlmap.py -u "http://localhost/index.php?id=3" --columns -D main -T users -C password
 * Dump database table entries:
   python sqlmap.py -u "< target URL >" --dump -T users
   e.g.: python sqlmap.py -u "http://localhost/index.php?id=3" --dump -T users

Graphical interfaces


sqlmap win is a graphical command builder for sqlmap. It was written in C# by Thomas Hawes. Another feature-rich command builder for sqlmap was later developed in Python by a programmer known as 'xcedz'.