sqlmap

sqlmap is a powerful open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications. Written in Python, it allows security professionals, red teams, and researchers to test database-driven apps for SQLi issues with minimal manual intervention, while still offering deep customization and control.

sqlmap supports a wide range of SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band. It can fingerprint databases, enumerate users, dump data, read/write files, and even execute OS commands where possible. With support for major database engines like MySQL, PostgreSQL, Microsoft SQL Server, Oracle, and SQLite, sqlmap is widely used in professional security assessments and CTFs alike.

Thanks to its extensive documentation, built-in wizards, and flexible CLI options, sqlmap is accessible for both beginners and seasoned professionals. Whether you’re auditing a legacy PHP web app or testing modern frameworks, sqlmap provides a fast and structured workflow to identify and confirm SQL injection vectors reliably and safely.

Key features:

  • Supports multiple injection methods: boolean, time-based, error-based, UNION, stacked queries, and out-of-band
  • Automatic DBMS detection, database and table enumeration, data dumping
  • File system access and command execution (if allowed)
  • Custom HTTP headers, cookie injection, proxy support, Tor routing
  • Integration with WAF bypass techniques and tamper scripts
  • Command-line interface with scripting support and machine-readable output
  • Cross-platform — runs on Windows, Linux, and macOS with Python 3

Download Options

VersionPlatformDownload
1.9.10Windows (ZIP archive) Download

Installation & quick start

On Windows: download the ZIP archive, extract it to any folder (e.g. C:\Tools\sqlmap), and ensure Python 3.x is installed and added to your system PATH. Then open Command Prompt, navigate to the extracted directory, and run:

python sqlmap.py -h

This will show the help menu with available flags and options.

Example: to test a URL for SQL injection with default options:

python sqlmap.py -u "http://example.com/index.php?id=1" --batch

WSL option: if you prefer Linux-like tooling on Windows, you can run sqlmap under WSL:

wsl
git clone https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
python3 sqlmap.py -h

Usage Examples

Dump all database names:

python sqlmap.py -u "http://example.com/index.php?id=1" --dbs

Enumerate tables from a known database:

python sqlmap.py -u "http://example.com/index.php?id=1" -D mydb --tables

Dump all rows from the “users” table:

python sqlmap.py -u "http://example.com/index.php?id=1" -D mydb -T users --dump

Use Tor for routing and anonymity:

python sqlmap.py -u "http://example.com/index.php?id=1" --tor --check-tor --tor-type=SOCKS5

Useful Links

License: GNU General Public License v2.0 — see GitHub for details.
Legal notice: Use sqlmap only on systems and websites you own or have explicit permission to test. Unauthorized use may be illegal.