Home page logo


sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features, from database fingerprinting to fetching data from the DB and even accessing the underlying file system and executing OS commands via out-of-band connections. The authors recommend using the development release from their Subversion repository. For downloads and more information, visit the sqlmap homepage.

Popularity #30, new!
Rating ★★★★½ (10)
Latest release 0.9
April 11, 2011
(8 years, 11 months ago)


no rating acarnet

very descriptive bil bil know, I found great


no rating Alper newer comment by this user ↑

Thank You. has been a successful writing



We using SQLmap online on https://dashboard.penteston.com

★★★★★ Toni Almeida

this is for sure a great SQLi tool. it's extremely powerful, easy to use and free!

★★★★★ Artemix

A very useful tool when you need to test your website security! Very useful and stable!

★★★ sniperhax

Yeah sqlmap is great if you're not doing anything blind. then it's a son of a bitch and God forbid you ask that dude over at git hub because he's a prick and doesn't tend to be particularly helpful. my results with it have been meh.

no rating Hassaan

sqlmap is very awesome tool. I used it so many times for SQLi and dump databases!

★★★★ TM KHAN

We have used sqlmap for our oscommerce based online store. The tool really helped us to find sql injections and figure out the root issues.

★★★★★ craft nation

**********good tool i crash alot of sites LOL!!!**************

★★★★★ gastontoth

This is my tool of choice when I have to exploit SQL injection. It works perfectly in different scenarios. I strongly recommend it.

no rating gastontoth newer comment by this user ↑

This is my tool of choice when I have to exploit SQL injection. It works perfectly in different scenarios. I strongly recommend it.

★★★★★ xem

Great tool. Also my first choice for testins sql injection.

★★★★★ Bing van Anrooij

Really great tool. In cases when I need to exploit a SQL injection vulnerable page this is always my first choice.

★★★★★ Schelm

sqlmap is an incredible tool. As soon as I spot a potential SQL injection vulnerability, I run sqlmap. It figures out so many things all by itself, which impresses me the most and I dumped several databases with it in pentests already.

Your comment

Along with your rating, you can use the comment form to post a review, tutorial, tips and tricks, or anything else others will find useful. If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).

  (will not be shown, will not be spammed)
(At least 50 characters. No markup is allowed. URLs will be made into links.)
 What is the length of an IPv6 address, in bytes? (antispam)

Feed for updates.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]