sqlmap — automatic SQL injection and database takeover tool
The tool that sees every
SQL injection.
Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them.
1 stars1 forks1 watching1 downloads/month
5
SQL injection techniques
20
years in active development
Capabilities
Detection. Exploitation. Takeover.
A powerful detection engine paired with a deep arsenal for the serious penetration tester — from fingerprinting the backend to measuring real risk by exploiting what it finds.
Battle-tested detection
Two decades of real pentests and thousands of community bug reports across a vast range of technology stacks and edge cases have iteratively refined the detection engine to a high degree of accuracy.
Five injection techniques
Boolean-based blind, time-based blind, error-based, UNION query and stacked queries. Detection confirms the exact payload that exploits the flaw. See the techniques in detail →
Relational & cloud backends
Support for 40+ database backends — both traditional relational engines (MySQL, Oracle, PostgreSQL, SQL Server) and cloud data warehouses (Amazon Redshift, Snowflake, ClickHouse).
SQL dialect engine
A robust engine for each backend's SQL dialect, with an active fingerprinting technique that identifies the database with precision.
Search across databases
Hunt down specific database names, tables across every database, or columns across every table — fast way to surface the tables holding credentials and other sensitive data.
Measure contextualized risk
Exploiting and leveraging the injection measures risk in context — what the session user can actually reach. Enumerate the schema and exfiltrate the sensitive data within reach to show exactly what is at stake.
Takeover & pivot
Read and write the underlying file system, execute commands on the operating system where the backend permits, and pivot further into the network — demonstrating true blast radius.
See the full feature list on the wiki.
Demo
See it in action.
A recorded sqlmap session — detection through exploitation, end to end.
Extensive usage documentation covers every option, switch and example.
Licensing
Dual-licensed by design.
Free and open for the community. A clean commercial license for companies embedding sqlmap into a proprietary product.
Open source
GPLv2
- Free to use, study, modify and redistribute
- The choice for researchers, pentesters and DevSecOps
- Copyleft obligations extend to products that embed it
For products
Commercial license
- Embed sqlmap technology into a proprietary product
- Free of GPLv2 copyleft obligations
- The proven SQL injection engine your customers already trust