Scribd
Upload
189 views

SQL Map (-1

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws to take over database servers. It supports various database types like MySQL, Oracle, Microsoft SQL Server, and others. Sqlmap can enumerate users, passwords, privileges, crack passwords, dump entire database tables, search for specific database names/tables/columns, and extract other information like the current user, database, and list of databases. The typical workflow with Sqlmap is to find a vulnerable website, identify possible SQL injection points, use Sqlmap or manual testing to verify SQLI vulnerabilities exist, and then exploit any vulnerabilities found.

Uploaded by

Saddam Ranjhani
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
189 views

SQL Map (-1

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws to take over database servers. It supports various database types like MySQL, Oracle, Microsoft SQL Server, and others. Sqlmap can enumerate users, passwords, privileges, crack passwords, dump entire database tables, search for specific database names/tables/columns, and extract other information like the current user, database, and list of databases. The typical workflow with Sqlmap is to find a vulnerable website, identify possible SQL injection points, use Sqlmap or manual testing to verify SQLI vulnerabilities exist, and then exploit any vulnerabilities found.

Uploaded by

Saddam Ranjhani
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Sqlmap

Team Members
Saddam Khan FA18-MSSE-0007
Umair ali fa16-mscs-0064
Fahad Shafique SP17-MBAG-0014
Abdullah
Muhammad Salman ahmed FA16-MSCS-0059
Sheikh Kamil sajjad FA18-MSSE-0001
sqlmap

 It is Open Source Tool to use sql injection in better and simple way

 Sql developed in Python


 Sqlmap is an open source penetration tool that automates the process and
detecting and exploiting SQL injection flaws and taking over of database
servers.
 MySql
 Oracle
 Microsoft Access

Sqlmap  IBM DB2


 SQ Lite
 Firebird
It support various type of databases like
 Sybase
 Informix database management
Systems
 HSQLDB
 Microsoft SQL Server
 Enumerates users, passwords hashes,
privileges.

Sqlmap  Cracking password using a directory-


based attacked.
SQL injection techniques
 Support to dumb database tables
entirely.

 Support to search for specific


database names, specific tables across
all databases or specific databases or
specific columns across all databases
tables.
 Recover Session with Sqlmap
--current-user
 Detect current database using Sqlmap
--current-db
Sqlmap
 List database using Sqlmap
Extration Information --dbs for table –T and for column
with Sqlmap -C

-f
 Find a vulnerable website

Sqlmap
 Identify possible injections points

Workflow
 Identify Sqli vulnerabilities:
 By using Sqlmap
 Manual testing
 Exploit Sqli vulnerabilities

 Exploit Sqli vulnerabilities

You might also like