sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
sqlmap是一个开源的渗透测试工具,能够自动监测和利用sql注入漏洞并接管数据库服务器。它附带了一个强力的监测引擎,大量的完整的渗透测试特征和大量的数据库指纹的范围转换,通过数据取出数据库,来访问潜在的文件系统通过带外连接执行操作系统命令。
screenshot 屏幕截图
You can visit the collection of screenshots demonstrating some of features on the wiki.
你可以在wiki上通过访问收集的屏幕截图查看一些特征
安装:
You can download the latest tarball by clicking here or latest zipball by clicking here.
Preferably, you can download sqlmap by cloning the Git repository:
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
sqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.
你可以下载最新的tar包和zip包
你也可以通过克隆git 仓库来下载sqlmap,sqlmap运行在python2.6和2.7平台上
用法:
To get a list of basic options and switches use:
python sqlmap.py -h
To get a list of all options and switches use:
python sqlmap.py -hh
You can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user's manual.
获取基本的选项列表和转换使用:
python sqlmap.py -h
获取全部的选项列表和转换使用:
python sqlmap.py -hh
链接:
- Homepage: http://sqlmap.org
- Download: .tar.gz or .zip
- Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
- Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
- User's manual: https://github.com/sqlmapproject/sqlmap/wiki
- Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
- Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
- Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
- Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
- Twitter: @sqlmap
- Demos: http://www.youtube.com/user/inquisb/videos
- Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots