[ Hacking Tools ] : sqlmap

sqlmap (yes, all lower-case) is a “Automatic SQL injection and database takeover tool” and a great example for my students of the goodies on GitHub.

On the hacking side, this impressive tool wraps a lot of functionality into one package. From their website:

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

From the teacher’s perspective (mine), it offers a great roadmap to the ways a database can be exploited, and not just one breed of database, but practically any DBMS in use today. And it’s a good time to teach students what git is, what a repo is and how to clone a git repo (at the very least). See it at:


* * *