sqlmap | Automatic SQL injection and database takeover tool | Security Testing library

 by   sqlmapproject Python Version: 1.6 License: Non-SPDX

kandi X-RAY | sqlmap Summary

sqlmap is a Python library typically used in Testing and Security Testing applications. sqlmap has no bugs, no vulnerabilities, and high support. However, no build file is available for sqlmap, and it has a Non-SPDX License. You can download it from GitHub.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches covering database fingerprinting, data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

Support

  • sqlmap has a highly active ecosystem.
  • It has 22565 star(s) with 4703 fork(s). There are 1044 watchers for this library.
  • There were 1 major release(s) in the last 12 months.
  • There are 48 open issues and 4552 have been closed. On average issues are closed in 0 days. There are 4 open pull requests and 0 closed requests.
  • It has a negative sentiment in the developer community.
  • The latest version of sqlmap is 1.6

Quality

  • sqlmap has 0 bugs and 0 code smells.

Security

  • sqlmap has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • sqlmap code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.

License

  • sqlmap has a Non-SPDX License.
  • Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

Reuse

  • sqlmap releases are available to install and integrate.
  • sqlmap has no build file. You will need to create the build yourself to build the component from source.
  • Installation instructions, examples and code snippets are available.
  • sqlmap saves you 60308 person hours of effort in developing the same functionality from scratch.
  • It has 65848 lines of code, 2852 functions and 483 files.
  • It has high code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA

kandi has reviewed sqlmap and identified the functions below as its top functions. The list is intended to give you instant insight into the functionality sqlmap implements and to help you decide whether it suits your requirements.

  • Main entry point
  • Get client client
  • Retrieve the response
  • Crawl a URL
  • Create an argument parser
  • Create argument parser
  • Write data to sys stdout
  • Check for deprecated options
  • Sets the system encoding
  • Start the launcher
  • Append a value to the end of the array
  • Execute the SQL action
  • Check if a column exists
  • Search for a column
  • Retrieve a remote URL
  • Updates the latest version of the sqlmap
  • Concatenate a query
  • Checks if the database is valid
  • Get a client using the command line interface
  • Adds a limit number to the query
  • Generate a payload
  • Injects the shared library
  • Initialize web application
  • Dump table values
  • Validate options
  • Establish connection to the database
  • Clean up configuration options
  • Get password hashes
  • Crawl a site
  • Initialize knowledge base

                                    sqlmap Key Features

                                    Automatic SQL injection and database takeover tool

                                    Installation

                                    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
                                    

                                    Usage

                                    python sqlmap.py -h
                                    

                                    Make alias in powershell to run the command that may include further parameters

                                    function sqlmap {
                                      python D:\tools\sqlmap-master\sqlmap.py @args
                                    }
                                    

                                    Calling a stored procedure in mybatis

                                    SQL> select object_name from all_objects where object_type = 'PROCEDURE'
                                      2                                        and upper(object_name) like 'TEST%';
                                    
                                    no rows selected
                                       
                                    
                                    SQL> exec test_proc;
                                    BEGIN test_proc; END;
                                    
                                          *
                                    ERROR at line 1:
                                    ORA-06550: line 1, column 7:
                                    PLS-00201: identifier 'TEST_PROC' must be declared
                                    ORA-06550: line 1, column 7:
                                    PL/SQL: Statement ignored
                                    
                                    
                                    SQL>
                                    

                                    U-SQL trying to Extract a list of ints from nested JSON object

                                    @CreateJSONTuple = 
                                    SELECT 
                                           A.ErrorReason AS Reason
                                    FROM @pre
                                         CROSS APPLY
                                            EXPLODE (ErrorReasons_Array) AS A(ErrorReason);
                                    

                                    MyBatis: how to pass default parameter to every query

                                    SHA2('${secretKey}', 512)
                                    

                                    Can't install packages like simpleHTTPServer with pip2.7

                                    python -m SimpleHTTPServer
                                    
                                    python3 -m http.server 
                                    

                                    How sqlmap internally works?

                                    C:\Users\[User]\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\Local
                                    

                                    RobotFrameWork with Eclipse - SSHLibrary doesn't seem to do anything. (based on book: Practical Security Automation and Testing)

                                    *** Variables ***
                                    ${HOST_URL}  http://demo.testfire.net
                                    ${output}=  Execute Command  python sqlmap.py -u ${HOST_URL} --batch --banner
                                    
                                    *** Test Cases ***
                                    SQL Injection Testing
                                        ${output}=  Execute Command  python sqlmap.py -u ${HOST_URL} --batch --banner
                                        Should Not Contain  ${output}  vulnerable
                                    
                                    *** Settings ***
                                    Library  SSHLibrary
                                    Library  Collections
                                    Library  String
                                    Library  RequestsLibrary
                                    Library  OperatingSystem
                                    
                                    *** Variables ***
                                    ${HOST_URL}  http://demo.testfire.net
                                    ${url}  http://demo.testfire.net
                                    ${SpiderScan}  http://localhost:8090/JSON/spider/action/scan/?zapapiformat=JSON&formatMethod=GETurl=${url}&maxChildren=&recurse=&ontextName=&subtreeOnly=
                                    
                                    *** Test Cases ***
                                    SQL Injection Testing
                                      Get Connection    host=http://demo.testfire.net
                                      ${output}=  Execute Command  python sqlmap.py -u ${HOST_URL} --batch --banner
                                      Should Not Contain  ${output}  vulnerable
                                      
                                    
                                    ZAP Spider Scan
                                      [Tags]  get skip
                                      Create session   ZAP  ${SpiderScan}
                                      ${resp}=    Get Request     ZAP   /
                                      Should Be Equal As Strings    ${resp.status_code}    200
                                    

                                    What changes are required to use Hibernate along with IBatis and jdbc connection pooling

                                    <!-- <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
                                            <property name="dataSource" ref="dataSource" />
                                        </bean> -->
                                    
                                        <bean id="hibernateSessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
                                          <property name="dataSource" ref="dataSource" />
                                          <property name="packagesToScan" value="com.test.database.domain" />
                                          <property name="hibernateProperties">
                                             <props>
                                                <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
                                                <prop key="hibernate.show_sql">true</prop>
                                                <prop key="hibernate.format_sql">true</prop>
                                             </props>
                                          </property>
                                       </bean>  
                                       <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
                                          <property name="sessionFactory" ref="hibernateSessionFactory" />
                                       </bean> 
                                       <bean id="persistenceExceptionTranslationPostProcessor" class="org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor"/>
                                    

                                    How to define optional fields in POJO when mapping to a native query result

                                    @SqlResultSetMapping(name="GetTrucksDueResultMapping",
                                    classes={
                                    @ConstructorResult(targetClass=GetTrucksDueResultModel.class,
                                        columns={
                                            @ColumnResult(name="DRIVERS", type=Integer.class)
                                    
                                        })
                                    })
                                    
                                    public GetTrucksDueResultModel(T,Integer DRIVERS)
                                    {
                                        this.drvr_id = "";
                                        this.reg_id = "";
                                        this.NEXT_DT = "";
                                        this.DRIVERS = DRIVERS;
                                    }
                                    

                                    JSON response and POJO have column names with different case

                                    @Configuration
                                    public class JsonConfig {
                                    
                                        @Bean
                                        public Jackson2ObjectMapperBuilder objectMapperBuilder() {
                                    
                                            return new Jackson2ObjectMapperBuilder() {
                                    
                                                @Override
                                                public void configure(ObjectMapper objectMapper) {
                                                    super.configure(objectMapper);
                                                    objectMapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
                                                    objectMapper.setVisibility(PropertyAccessor.FIELD, Visibility.ANY);
                                                }
                                            };
                                        }
                                    }
                                    

                                    Community Discussions

                                    Trending Discussions on sqlmap
                                    • Is it possible to use SQLMAP against an ODBC driver connection?
                                    • Make alias in powershell to run the command that may include further parameters
                                    • MyBatis ResultMap Association Java Api
                                    • Calling a stored procedure in mybatis
                                    • U-SQL trying to Extract a list of ints from nested JSON object
                                    • MyBatis: how to pass default parameter to every query
                                    • How to implement multiple Reader using db in Spring Batch
                                    • Special characters in URL leads to 403
                                    • bad interpreter: /usr/bin/python3: no such file or directory on Kali Linux
                                    • Can't install packages like simpleHTTPServer with pip2.7

                                    QUESTION

                                    Is it possible to use SQLMAP against an ODBC driver connection?

                                    Asked 2021-Nov-30 at 16:41

                                    Is it possible to use sqlmap against an ODBC connection so that I can test the database with SQLMAP if there are some vulnerabilities? Maybe is it possible to use SQLMAP in the context of pyodbc?

                                    I want to test if the ODBC driver has some vulnerabilities and therefore wanted to run sqlmap.

                                    ANSWER

                                    Answered 2021-Nov-30 at 16:41

                                    Nope. SQL Map is primarily a tool to do all kinds of injection attacks across the well-known databases. The injection vulnerabilities are a result of a lack of, or improper, input sanitization at the application level.

                                    The ODBC driver, however, is more like a protocol handler for a particular database, where on one end it connects to the database over the network and on the other side interacts with the database library used by the programmer in the application.

                                    Typically, just like other software, ODBC drivers may have vulnerabilities due to the usage of other vulnerable components / libraries used for the development. Though other things also may exist due to poor coding, lack of validation and improper bounds checks.

                                    Source https://stackoverflow.com/questions/70172648

                                    Community Discussions, Code Snippets contain sources that include Stack Exchange Network

                                    Vulnerabilities

                                    No vulnerabilities reported

                                    Install sqlmap

                                    You can download the latest tarball by clicking here or latest zipball by clicking here.

                                    Support

                                    • Homepage: https://sqlmap.org
                                    • Download: .tar.gz or .zip
                                    • Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
                                    • Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
                                    • User's manual: https://github.com/sqlmapproject/sqlmap/wiki
                                    • Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
                                    • Twitter: @sqlmap
                                    • Demos: https://www.youtube.com/user/inquisb/videos
                                    • Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots


                                    • © 2022 Open Weaver Inc.