Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

capture

Latest Change:

* Fix several typos
* Extra: Preventing obnoxious ‘install git’ on MacOS.
* xml: Revisiting banner xmls (Issue #2239).
* bug fixes sql error? (Android Qpython) #2245
* txt: Unhandled exception bug fixes #2257

Installtion

git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

Update

cd sqlmap-dev
git pull

or

python sqlmap.py –update

You can read some good sqlmap tutorial as bypass waf, finding sqli, find sqli through post command… here

SQL injection video tutorial