awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-source alternativesSelf-hosted softwareBlogSitemap
ProjektÜber unsHow we rankPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
sqlmapproject avatar

sqlmapproject/sqlmap

0
View on GitHub↗
37,676 Stars·6,293 Forks·Python·15 Aufrufesqlmap.org↗

Sqlmap

This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points.

What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuristic fingerprinting, which adjusts injection techniques in real-time based on server responses. It supports advanced post-exploitation capabilities, including remote command execution on the underlying host operating system and file system access through database-level vulnerabilities. To navigate restricted environments, the software incorporates out-of-band data exfiltration channels and a middleware pipeline for applying user-defined transformations to bypass security filters and web application firewalls.

The suite covers a broad range of operational requirements, including stateful session management, anti-CSRF token handling, and extensive request customization. It supports various target specification methods, such as proxy log analysis and remote API management, while offering granular control over scan performance and detection thresholds.

The software is distributed as a command-line application, with configuration management supported through external file loading and command-line arguments.

Features

  • Injection Testers - Applies custom payloads and tampering scripts to verify the presence of injection vulnerabilities.
  • SQL Injection Tools - Detects and exploits database vulnerabilities by automating malicious payload injection.
  • Database Enumerators - Extracts users, tables, columns, and data from database management systems to verify access.
  • Security Automation Suites - Streamlines identification, verification, and exploitation of vulnerabilities through configurable workflows.
  • Injection Engines - Generates and iterates through specialized SQL payloads to identify database vulnerabilities.
  • Penetration Testing Frameworks - Streamlines the discovery and exploitation of security weaknesses in network-facing applications.
  • Database Enumeration Tools - Extracts schema information, user data, and system configurations from databases.
  • System Command Executors - Executes arbitrary system commands on a database server by leveraging database vulnerabilities.
  • Vulnerability Assessment Tools - Automatically tests input fields to identify and verify database injection vulnerabilities.
  • URL Targeters - Executes automated security tests against specific web addresses including protocol and port details.
  • Database Fingerprinters - Identifies database versions and operating systems by analyzing SQL dialects and error messages.
  • Database Auditing Tools - Extracts sensitive information and evaluates database configurations to identify security risks.
  • Database File Accessors - Reads or uploads files on a database server by abusing administrative database functionalities.
  • Injection Testing Tools - Adjusts injection payloads and timing based on real-time server response analysis.
  • Remote Execution Tools - Leverages database vulnerabilities to execute arbitrary system commands on the host.
  • Vulnerability Scanning Utilities - Automates the extraction and handling of anti-forgery tokens to maintain session continuity during security testing.
  • HTTP Request Managers - Manages headers, cookies, and connection settings to ensure successful communication with target applications.
  • Database and Storage Tools - Tool for detecting and exploiting SQL injection vulnerabilities.
  • Database Security Tools - Automated tool for detecting and exploiting SQL injection flaws.
  • Vulnerability Scanners - Automatic SQL injection and database takeover tool.
  • Web Security Tools - Automated tool for SQL injection and database takeover.
  • Code Security - Automates detection and exploitation of SQL injection flaws.
  • Evasion and Bypass Tools - Includes tamper scripts to obfuscate SQL injection payloads.
  • Exploitation and Payloads - Automated SQL injection and database takeover tool.
  • Exploitation Tools - Automates SQL injection and database takeover processes.
  • Fuzzing and Injection - Automates SQL injection detection and database takeover.
  • Information Gathering Tools - Automated tool for detecting and exploiting SQL injection vulnerabilities.
  • Penetration Testing - Automates SQL injection and database takeover processes.
  • Security and Encryption - Automates SQL injection detection and database exploitation.
  • Security And Forensics - Automated SQL injection and database takeover tool.
  • Sicherheit und Datenschutz - Automated SQL injection and database takeover.
  • Security Tools - Automatic SQL injection and database takeover tool
  • Specialized Vulnerability Scanners - Automated tool for detecting and exploiting SQL injection vulnerabilities.
  • SQL Injection - Automated penetration testing tool for SQL injection and database takeover.
  • Web Security - Automates SQL injection and database takeover.
  • Web Security Testing - Automates SQL injection and database takeover processes.
  • XSS and Injection Testing - Industry-standard tool for detecting and exploiting SQL injection.
  • Target Discovery Tools - Defines target databases or URLs using connection strings, proxy logs, and raw request data.
  • Data Exfiltration Tools - Retrieves data from restricted environments using alternative communication channels.
  • Exfiltration Channels - Uses secondary protocols like DNS to retrieve data when direct HTTP responses are blocked.
  • Function Injection Tools - Uploads shared libraries to execute custom user-defined functions within the database.
  • Request Tampering Middleware - Applies user-defined transformations to HTTP requests to bypass security filters and firewalls.
  • DNS Exfiltration Tools - Retrieves data through controlled DNS domain servers to bypass network filters.
  • Security Scripting Frameworks - Executes custom scripts to dynamically generate or modify request parameters for complex security testing scenarios.
  • Session Management Tools - Maintains cookies and authentication tokens to ensure consistent interaction with target applications.
  • System Fingerprinting Tools - Analyzes server responses to identify underlying database technology and operating systems.
  • Network Testing - Identifies potential injection points by analyzing HTTP requests captured in external proxy logs.
  • Schema Brute-Forcers - Identifies hidden table or column names through brute-force techniques when standard methods fail.
  • Fingerprinting Utilities - Identifies database versions and configurations by analyzing server responses and error messages.
  • Vulnerability Monitoring Systems - Provides audible alerts upon the successful detection of injection vulnerabilities to facilitate efficient monitoring.
  • Performance Analysis - Improves data retrieval speed during security scans using persistent connections and concurrent processing.

Star-Verlauf

Star-Verlauf für sqlmapproject/sqlmapStar-Verlauf für sqlmapproject/sqlmap

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Frequently asked questions

What does sqlmapproject/sqlmap do?

This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from…

What are the main features of sqlmapproject/sqlmap?

The main features of sqlmapproject/sqlmap are: Injection Testers, SQL Injection Tools, Database Enumerators, Security Automation Suites, Injection Engines, Penetration Testing Frameworks, Database Enumeration Tools, System Command Executors.

What are some open-source alternatives to sqlmapproject/sqlmap?

Open-source alternatives to sqlmapproject/sqlmap include: commixproject/commix — Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It… s0md3v/xsstrike — XSStrike is an automated security scanning engine designed for web application discovery, input. r0oth3x49/ghauri — Ghauri is an automated SQL injection scanner and exploitation tool designed to detect and extract data from vulnerable… zaproxy/zaproxy — OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in… samratashok/nishang — Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows… rapid7/metasploit-framework — The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of…

Open-Source-Alternativen zu Sqlmap

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Sqlmap.
  • commixproject/commixAvatar von commixproject

    commixproject/commix

    5,757Auf GitHub ansehen↗

    Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str

    Python
    Auf GitHub ansehen↗5,757
  • s0md3v/xsstrikeAvatar von s0md3v

    s0md3v/XSStrike

    14,752Auf GitHub ansehen↗

    XSStrike is an automated security scanning engine designed for web application discovery, input

    Pythonwaf-detectionxssxss-bruteforce
    Auf GitHub ansehen↗14,752
  • r0oth3x49/ghauriAvatar von r0oth3x49

    r0oth3x49/ghauri

    4,032Auf GitHub ansehen↗

    Ghauri is an automated SQL injection scanner and exploitation tool designed to detect and extract data from vulnerable databases. It functions as a database exfiltration framework that identifies security flaws and retrieves system banners, hostnames, and database schemas. The tool identifies boolean, error, time-based, and stacked query vulnerabilities across multiple input vectors, including HTTP headers, cookies, JSON, SOAP, and XML. It provides capabilities for automated database exfiltration and the processing of bulk target lists to identify flaws across multiple environments. The syst

    Python
    Auf GitHub ansehen↗4,032
  • zaproxy/zaproxyAvatar von zaproxy

    zaproxy/zaproxy

    15,293Auf GitHub ansehen↗

    OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.

    Java
    Auf GitHub ansehen↗15,293
  • Alle 30 Alternativen zu Sqlmap anzeigen→