sqlmap is an open source penetration testing tool developed in Python that automates the process of detecting and exploiting SQL injection and taking over of database servers. This makes the tool independent from the operating system. sqlmap relies on the Metasploit Framework for some of its post-exploitation takeover features.
Features
Reference:
sqlmap user's manual (HTML and PDF).
Features
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
- Full support for five SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query and stacked queries.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate database users, users' password hashes, users' privileges, users' roles, databases, tables and columns.
- Automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
Reference:
sqlmap user's manual (HTML and PDF).
No comments:
Post a Comment