Sqlmap: Automated SQL Vulnerability Scanning

Scan a website for vulnerabilities from your phone.
June 24, 2022

Benji Gifford


Introduction

In my last article, I discussed the powerful Linux terminal emulators that are Termux & iOS, made for mobile users. Here, I’ll be demonstrating one tool that you can use here (or in any Linux environment,) sqlmap. Sqlmap is a Python-based tool that “automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.”

Sqlmap is packed with tons of features and switches from database fingerprinting and remote execution to web servers. This makes ease of SQL injection and similar attacks. As always, don’t do anything illegal.


Installation

Open up your Linux terminal (in Termux or in a different machine) and run the following commands:

  • pkg update && pkg upgrade -y
  • apt install python python2
  • pkg install git
  • git clone https://github.com/sqlmapproject/sqlmap
  • cd sqlmap
  • chmod +x sqlmap.py
  • python2 sqlmap.py

Usage

Sqlmap can perform a vulnerability assessment on a site using the following command format:

  • python2 sqlmap.py [target ip/site/URL]
  • To get a list of basic options and switches use:
  • python2 sqlmap.py -h
  • To get a list of all options and switches use:
  • python2 sqlmap.py -hh

Example:

Sqlmap scans homedepot.com’s attack surface for any vulnerability it may be able to find. It’s very responsive, following redirects and using a wide array of features. Sqlmap will also provide suggestions while you’re running commands, which makes everything far more efficient and convenient.


Conclusion

Sqlmap is a powerful tool that brings ease to the processes of assessing a target for SQL-based attack vulnerabilities. Scanning a target in itself is not illegal, but carrying out an actual attack without their consent is of course against the law.


Resources:

  • Stampar, Miroslav. “Sqlmap.” GitHUb, 1 Apr. 2022, https://github.com/sqlmapproject/sqlmap.
  • Staff, HackThisSite.org. “Hackthissite.” Hack This Site, 2016, https://www.hackthissite.org/.
  • Ghosal, Sounetra. “How to Install Sqlmap on Android Termux?” GeeksforGeeks, 29 Dec. 2021, https://www.geeksforgeeks.org/how-to-install-sqlmap-on-android-termux/.
  • ushar77. “Ushar77/Installation-of-SQL-Map-: How to Install Sqlmap How to Install Sqlmap in Termux How to Install Sqlmap Tool in Termux.” GitHub, 27 Mar. 2022, https://github.com/ushar77/installation-of-sql-map-.

Posted

in

by