
[New Added] SQLMap V0.5 Automating SQL injection tests

Tuesday 20 November 2007

SQLmap is an automatic SQL injection tool developed entirely in Python. It can perform extensive back-end database management system fingerprinting, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.


- Add support for the Oracle database management system
- Add support for extracting database users' password hashes
- Extend inband SQL injection functionality to all other possible queries
- Add Microsoft SQL Server database fingerprinting
- Add a fuzzer class that parses HTML pages looking for standard database error messages, consequently improving database fingerprinting
- Add support for SQL injection on HTTP Cookie and User-Agent headers
- Add support for real-time query ETA (Estimated Time of Arrival) calculation
- Improve Google dorking support to take advantage of remote hosts affected by SQL injection to perform other command line argument actions
- Improve logging functionality
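The Cookie and User-Agent item above means those headers have to be treated as untrusted input on the server side, like any form field. The following is an added example, not code from sqlmap or from this article: a hypothetical request-audit table (`visits`) written with string formatting, next to the parameterized form, run against constructed sample headers.

```python
import sqlite3

# Constructed sample request headers (not from the page). The User-Agent
# contains a single quote, as a legitimate client string could.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 (O'Neill build)",
    "Cookie": "session=abc123",
}


def make_db():
    """In-memory table standing in for a hypothetical request-audit log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (user_agent TEXT, cookie TEXT)")
    return db


def log_visit_unsafe(db, headers):
    """Weak form: header values are pasted into the SQL text, so a quote
    in a header changes the structure of the statement."""
    sql = "INSERT INTO visits (user_agent, cookie) VALUES ('%s', '%s')" % (
        headers.get("User-Agent", ""), headers.get("Cookie", ""))
    db.execute(sql)


def log_visit_safe(db, headers):
    """Hardened form: placeholders keep header values as data only."""
    db.execute(
        "INSERT INTO visits (user_agent, cookie) VALUES (?, ?)",
        (headers.get("User-Agent", ""), headers.get("Cookie", "")),
    )


def demo():
    """Return (unsafe_failed, rows_stored_by_safe_version)."""
    db = make_db()
    try:
        log_visit_unsafe(db, SAMPLE_HEADERS)
        unsafe_failed = False
    except sqlite3.OperationalError:
        unsafe_failed = True  # the quote broke out of the string literal
    log_visit_safe(db, SAMPLE_HEADERS)
    rows = db.execute("SELECT user_agent, cookie FROM visits").fetchall()
    return unsafe_failed, rows


if __name__ == "__main__":
    print(demo())
```

A header value that makes the formatted statement fail to parse is the same condition that lets a header value alter the statement, so any code path that copies request headers into SQL text should be moved to placeholders.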
