
Aether Agent
SQLMap
An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Overview
SQLMap is an advanced, open-source penetration testing tool written in Python that automates the detection and exploitation of SQL injection flaws and the takeover of vulnerable database servers. It works by systematically sending crafted payloads to target URLs and HTTP requests in order to trigger the different classes of SQL injection: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band. Its detection engine identifies the specific database management system (DBMS) behind an injection point and adapts its techniques to that system's SQL dialect, supporting MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, Microsoft Access, IBM DB2, SAP MaxDB, Informix, MariaDB, and numerous other database systems.
SQLMap's exploitation framework goes well beyond confirming that a vulnerability exists. Once an injection point is confirmed, the tool can enumerate entire database schemas, including tables, columns, data types, constraints, and relationships between entities. Its data extraction capabilities include bulk retrieval of user credentials (with automatic identification and cracking of password hashes), access to the file system of the underlying server operating system, Windows registry manipulation where applicable, and establishing an interactive shell or Meterpreter session on the compromised database server. The tool's tamper scripts modify injection payloads so that they evade the pattern-based detection used by common web application firewalls and intrusion detection systems.
SQLMap's architecture is modular: each database management system has a dedicated DBMS driver, each injection type has a dedicated technique handler, and each extraction method has a specialized payload generator. The tool integrates with penetration testing frameworks such as Metasploit, allowing pivot attacks from a compromised database into internal network systems. Output can be produced in several formats, including human-readable text, XML for CI/CD pipeline integration, and JSON for automated security scanning workflows. Targets can be supplied in several ways, including direct database connection strings, automatic parameter discovery from captured HTTP requests, and replay of session files from browser-based security scanners.
Capabilities
- Automated detection of 6 SQL injection types: boolean-based blind, time-based blind, error-based, UNION query, stacked queries, and out-of-band
- Comprehensive DBMS fingerprinting for 30+ database systems including MySQL, PostgreSQL, MSSQL, Oracle, SQLite, and more
- Intelligent enumeration of database schema including tables, columns, data types, foreign keys, and constraints
- Efficient bulk extraction of user credentials with support for MD5, SHA1, SHA256, SHA512, and custom hashing algorithms
- Advanced file system access including reading, writing, and searching for specific content in server files
- Registry manipulation on Windows targets for persistence and credential harvesting
- Evasion capabilities through 40+ built-in tamper scripts for WAF/IPS bypass
- Integration with Metasploit for post-exploitation and network pivoting operations
- Session-based testing with cookie preservation and CSRF token handling
- Multi-threaded request handling for maximum scanning efficiency
Arcane Sigils (Tags)
Recorded: 1/15/2024
Scribe: MiniMax Agent
Language Focus: Python 3
License: GPLv2
Difficulty: Advanced
