sqlmap is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a broad range of features, ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Changes: Support was added for enumerating and dumping all databases’ tables containing user-provided column(s). This can be useful to identify, for instance, tables containing custom application credentials. --priv-esc was enhanced to rely on Metasploit Meterpreter’s new "getsystem" command to elevate the privileges of the user running the back-end DBMS instance to SYSTEM on Windows. Much more was done.

Release Tags: Stable

Tags: Audit, bisection, blind, Database, DBMS, enumeration, exploit, file, Fingerprint, hack, hacking, inband, inference, Microsoft, MSSQL, MySQL, Oracle, orcl, pentest, postgresql, pt, SQL, sql injection, sql map, sql server, takeover, test, Testing, union, vulnerability, WebApp

Licenses: GPLv2, LGPL