mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-01 22:11:07 +00:00
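<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta name="theme-color" content="#0e1118">
  <meta name="color-scheme" content="dark">
  <title>sqlmap — automatic SQL injection and database takeover tool</title>

  <!-- Third-party analytics: gtag.js is fetched from googletagmanager.com and executes with
       full access to this origin. No integrity attribute is set on it; the file is served
       per measurement ID, so a fixed hash is usually not practical. Whoever controls that
       origin can therefore run script on this page. -->
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-PK2GTNDFZ6"></script>
  <!-- Inline bootstrap for gtag. This markup declares no Content-Security-Policy (one may
       still be sent as a response header); a strict policy would need a nonce or hash for
       this inline block. -->
  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());
    gtag('config', 'G-PK2GTNDFZ6');
  </script>

  <meta name="description" content="sqlmap is an open-source penetration testing tool that automates detecting and exploiting SQL injection flaws and taking over the databases behind them. Dual-licensed under GPLv2 and a commercial license.">
  <meta name="author" content="Bernardo Damele, Miroslav Stampar">
  <link rel="canonical" href="https://sqlmap.org/">
  <link rel="icon" href="favicon.ico" sizes="any">
  <link rel="icon" type="image/png" sizes="32x32" href="favicon-32.png">
  <link rel="apple-touch-icon" href="apple-touch-icon.png">

  <!-- Open Graph / article metadata -->
  <meta property="og:type" content="website">
  <meta property="og:title" content="sqlmap — automatic SQL injection and database takeover tool">
  <meta property="og:description" content="Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them. Dual-licensed: GPLv2 and commercial.">
  <meta property="og:image" content="https://sqlmap.org/sqlmap-og.png">
  <meta property="og:image:width" content="1200">
  <meta property="og:image:height" content="630">
  <meta property="og:url" content="https://sqlmap.org/">
  <meta property="og:site_name" content="sqlmap">
  <meta property="article:published_time" content="2006-07-25T00:00:00+00:00">
  <meta property="article:modified_time" content="2026-06-07T00:00:00+00:00">
  <meta property="article:author" content="Bernardo Damele">
  <meta property="article:author" content="Miroslav Stampar">

  <!-- Twitter/X card metadata -->
  <meta name="twitter:card" content="summary_large_image">
  <meta name="twitter:title" content="sqlmap — automatic SQL injection and database takeover tool">
  <meta name="twitter:description" content="Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them. Dual-licensed: GPLv2 and commercial.">
  <meta name="twitter:image" content="https://sqlmap.org/sqlmap-og.png">
  <meta name="twitter:site" content="@sqlmap">

  <!-- Web fonts are loaded from Google Fonts, a second third-party origin contacted on every
       page view. The stylesheet is generated per request, so it carries no integrity hash. -->
  <link rel="preconnect" href="https://fonts.googleapis.com">
  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  <link href="https://fonts.googleapis.com/css2?family=Outfit:wght@400;500;600;700;800&family=Space+Mono:wght@400;700&display=swap" rel="stylesheet">

  <!-- schema.org description of the project; this is a data block and is not executed. -->
  <script type="application/ld+json">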
{
"@context": "https://schema.org",
"@type": "SoftwareApplication",
"name": "sqlmap",
"applicationCategory": "SecurityApplication",
"operatingSystem": "Cross-platform",
"description": "Open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over the databases behind them.",
"url": "https://sqlmap.org/",
"downloadUrl": "https://github.com/sqlmapproject/sqlmap",
"license": "https://www.gnu.org/licenses/old-licenses/gpl-2.0.html",
"author": [
{ "@type": "Person", "name": "Bernardo Damele" },
{ "@type": "Person", "name": "Miroslav Stampar" }
],
"sameAs": [
"https://github.com/sqlmapproject/sqlmap",
"https://x.com/sqlmap"
],
"datePublished": "2006-07-25",
"dateModified": "2026-06-07",
"offers": {
"@type": "Offer",
"price": "0",
"priceCurrency": "USD",
"description": "Free and open source under GPLv2; commercial license available for embedding in proprietary products."
}
}
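</script>
<style>
/* Reset and design tokens */
*{margin:0;padding:0;box-sizing:border-box}
:root{--bg:#0e1118;--bg2:#06070c;--panel:#171b22;--panel2:#1e232b;--ink:#e8edf3;--mut:#9aa4b2;--acc:#f0883e;--acc2:#ffb454;--line:#2a303a;--green:#3fb950;--footer:#040509}
html{scroll-behavior:smooth;color-scheme:dark}
body{font-family:'Outfit','Segoe UI',system-ui,-apple-system,sans-serif;background:var(--bg);color:var(--ink);line-height:1.6;overflow-x:hidden}
.mono{font-family:'Space Mono','SF Mono',Consolas,'Courier New',monospace}
a{color:var(--acc);text-decoration:none}
.wrap{max-width:1100px;margin:0 auto;padding:0 24px}
.accent{color:var(--acc)}

/* Sticky top navigation; the "scrolled" class is toggled by the page script */
nav{position:sticky;top:0;z-index:50;background:rgba(14,17,24,.82);backdrop-filter:blur(12px);border-bottom:1px solid var(--line);transition:box-shadow .25s ease,background .25s ease}
nav.scrolled{box-shadow:0 8px 30px rgba(0,0,0,.45);background:rgba(14,17,24,.92)}
nav .wrap{display:flex;align-items:center;justify-content:space-between;height:64px}
.brand{display:flex;align-items:center;gap:10px;font-weight:700;font-size:1.2rem;letter-spacing:-.02em}
.brand .eyes{width:52px;height:auto;flex:0 0 auto}
.navlinks{display:flex;gap:28px;align-items:center}
.navlinks a{color:var(--mut);font-size:.95rem;transition:.2s;cursor:pointer}
.navlinks a:hover{color:var(--ink)}

/* Buttons */
.btn{background:var(--acc);color:#fff;padding:.55rem 1.1rem;border-radius:8px;font-weight:600;font-size:.9rem;transition:.2s;border:1px solid var(--acc);cursor:pointer;display:inline-block}
.btn:hover{background:var(--acc2);border-color:var(--acc2);color:#1a1206}
.btn.ghost{background:transparent;color:var(--acc)}
.btn.ghost:hover{background:rgba(240,136,62,.10);color:var(--acc)}

/* Desktop links with an underline for the hovered / active section */
.desktop-nav{display:flex;gap:26px;align-items:center}
.desktop-nav a{position:relative;color:var(--mut);font-size:.95rem;cursor:pointer;padding:.3rem 0;transition:color .2s}
.desktop-nav a::after{content:"";position:absolute;left:0;right:0;bottom:-2px;height:2px;background:var(--acc);transform:scaleX(0);transform-origin:left;transition:transform .25s ease}
.desktop-nav a:hover{color:var(--ink)}
.desktop-nav a:hover::after{transform:scaleX(1)}
.desktop-nav a.active{color:var(--ink)}
.desktop-nav a.active::after{transform:scaleX(1)}

/* Mobile menu: hidden by default, shown at or below 720px; the "open" class is toggled by the page script */
.menu{position:relative}
.menu-btn{display:flex;flex-direction:column;justify-content:center;gap:5px;width:42px;height:42px;border:1px solid var(--line);border-radius:9px;background:var(--panel);cursor:pointer;align-items:center;transition:.2s}
.menu-btn span{display:block;width:18px;height:2px;background:var(--ink);border-radius:2px;transition:.25s}
.menu-btn:hover,.menu.open .menu-btn{border-color:var(--acc)}
.menu.open .menu-btn span:nth-child(1){transform:translateY(7px) rotate(45deg)}
.menu.open .menu-btn span:nth-child(2){opacity:0}
.menu.open .menu-btn span:nth-child(3){transform:translateY(-7px) rotate(-45deg)}
.menu-dropdown{position:absolute;top:calc(100% + 8px);right:0;min-width:230px;background:var(--panel);border:1px solid var(--line);border-radius:12px;padding:.6rem;opacity:0;visibility:hidden;transform:translateY(-8px);transition:.2s;box-shadow:0 18px 50px rgba(0,0,0,.55)}
.menu.open .menu-dropdown,.menu:hover .menu-dropdown{opacity:1;visibility:visible;transform:none}
.menu-dropdown a{display:block;color:var(--ink);font-size:.95rem;padding:.6rem .8rem;border-radius:8px;transition:.15s;cursor:pointer}
.menu-dropdown a:hover{background:var(--panel2);color:var(--acc)}
.menu-dropdown .sep{height:1px;background:var(--line);margin:.4rem 0}
.menu{display:none}
@media(max-width:720px){
  .desktop-nav{display:none}
  .menu{display:block}
}

/* Hero */
.hero{padding:clamp(3.5rem,9vw,7rem) 0 4rem;text-align:center;position:relative}
.hero::before{content:"";position:absolute;inset:0;background:radial-gradient(ellipse 60% 50% at 50% 0,rgba(240,136,62,.12),transparent 70%);pointer-events:none;opacity:0;animation:heroGlowIn 1.4s ease-out .15s forwards}
.hero .tarsier{width:clamp(200px,55vw,340px);height:auto;display:block;margin:0 auto 1.6rem;opacity:0;transform:scale(.92);animation:tarsierIn 1s ease-out .1s forwards}
@keyframes heroGlowIn{from{opacity:0}to{opacity:1}}
@keyframes tarsierIn{from{opacity:0;transform:scale(.92)}to{opacity:1;transform:scale(1)}}
.hero h1{font-size:clamp(2.1rem,7vw,3.4rem);line-height:1.08;font-weight:800;letter-spacing:-.03em;margin-bottom:1.2rem}
.hero p.lead{font-size:clamp(1.05rem,3.5vw,1.3rem);color:var(--mut);max-width:46ch;margin:0 auto 2.2rem}
.hero-cta{display:flex;gap:14px;justify-content:center;flex-wrap:wrap}
.badges{display:flex;gap:10px;justify-content:center;flex-wrap:wrap;margin-top:2.4rem}
.badge{display:inline-flex;align-items:center;gap:.45rem;font-family:'Space Mono','SF Mono',monospace;font-size:.8rem;color:var(--mut);border:1px solid var(--line);border-radius:999px;padding:.4rem .9rem;background:var(--panel)}
.badge svg{width:14px;height:14px;fill:var(--acc);flex:0 0 auto}
.badge b{color:var(--acc)}

/* Terminal frame around the embedded demo player */
.term{max-width:760px;margin:2rem auto 0;background:#04050a;border:1px solid var(--line);border-radius:12px;overflow:hidden;text-align:left;box-shadow:0 24px 60px rgba(0,0,0,.5)}
.term .bar{display:flex;align-items:center;gap:7px;padding:12px 14px;border-bottom:1px solid var(--line);background:var(--panel)}
.term .bar i{width:11px;height:11px;border-radius:50%;display:inline-block}
.term .bar i:nth-child(1){background:#ff5f56}
.term .bar i:nth-child(2){background:#ffbd2e}
.term .bar i:nth-child(3){background:#27c93f}
.term .bar .term-title{margin-left:auto;color:var(--mut);font-size:.8rem;letter-spacing:.02em}
.term .demo-body{padding:0;font-size:0;line-height:0;overflow:hidden}
.term .demo-body asciinema-player,.term .demo-body .asciinema-player,.term .demo-body div,.term .demo-body iframe{margin:0 !important;display:block;vertical-align:top}
.term .demo-body iframe,.term .demo-body asciinema-player,.term .demo-body .asciinema-player,.term .demo-body>div{margin-bottom:-12px !important}

/* Sections and headings */
section{padding:5rem 0}
.alt{background:var(--bg2);border-top:1px solid var(--line);border-bottom:1px solid var(--line)}
.eyebrow{color:var(--acc);font-family:'Space Mono','SF Mono',monospace;font-size:.8rem;letter-spacing:.2em;text-transform:uppercase;margin-bottom:.8rem}
h2.sec{font-size:2.2rem;font-weight:800;letter-spacing:-.02em;margin-bottom:1rem}
.sec-sub{color:var(--mut);font-size:1.1rem;margin-bottom:2.6rem}

/* Feature cards (shared with the licensing options) */
.features{display:grid;grid-template-columns:repeat(3,1fr);gap:1.4rem}
@media(max-width:860px){
  .features{grid-template-columns:1fr}
}
.feat,.lic .opt{background:var(--panel);border:1px solid var(--line);border-radius:14px;padding:1.6rem;transition:border-color .2s ease,background .2s ease,transform .2s ease}
.feat:hover,.lic .opt:hover,.feat.reveal.in:hover,.lic .opt.reveal.in:hover{border-color:var(--acc);transform:translateY(-3px);background:linear-gradient(180deg,rgba(240,136,62,.07),var(--panel));transition:border-color .2s ease,background .2s ease,transform .2s ease;transition-delay:0s}
.feat.reveal.in,.lic .opt.reveal.in{transition:border-color .2s ease,background .2s ease,transform .2s ease;transition-delay:0s}
.feat .head{display:flex;align-items:center;gap:.7rem;margin-bottom:.7rem}
.feat .ic{width:42px;height:42px;border-radius:11px;background:rgba(240,136,62,.10);border:1px solid rgba(240,136,62,.22);display:flex;align-items:center;justify-content:center;flex:0 0 auto}
.feat .ic svg{width:21px;height:21px;stroke:var(--acc);fill:none;stroke-width:1.8;stroke-linecap:round;stroke-linejoin:round}
.feat h3{font-size:1.12rem}
.feat p{color:var(--mut);font-size:.96rem}

/* Stats strip */
.stats{display:grid;grid-template-columns:repeat(4,1fr);gap:1.4rem;text-align:center}
@media(max-width:720px){
  .stats{grid-template-columns:repeat(2,1fr)}
}
.stat .v{font-family:'Space Mono','SF Mono',monospace;font-size:2.9rem;font-weight:700;color:var(--acc)}
.stat .l{color:var(--mut);font-size:1.05rem;margin-top:.4rem}

/* Licensing options */
.lic{display:grid;grid-template-columns:1fr 1fr;gap:1.6rem}
@media(max-width:720px){
  .lic{grid-template-columns:1fr}
}
.lic .opt{display:flex;flex-direction:column;padding:2rem}
.lic .opt .tag{font-family:'Space Mono','SF Mono',monospace;font-size:.75rem;letter-spacing:.14em;text-transform:uppercase;color:var(--mut)}
.lic .opt.com .tag{color:var(--acc)}
.lic .opt h3{font-size:1.5rem;margin:.5rem 0 1rem}
.lic .opt ul{list-style:none;flex:1}
.lic .opt li{color:var(--mut);padding:.4rem 0 .4rem 1.6rem;position:relative;font-size:.96rem}
.lic .opt li::before{content:"✓";position:absolute;left:0;color:var(--acc)}
.lic .opt .btn{margin-top:1.2rem;align-self:flex-start}

/* Footer */
footer{background:var(--footer);border-top:1px solid rgba(240,136,62,.25);padding:3.5rem 0 3rem;color:var(--mut);box-shadow:inset 0 14px 40px rgba(0,0,0,.4)}
footer .wrap{display:flex;justify-content:space-between;flex-wrap:wrap;gap:1.4rem}
footer a{color:var(--mut);cursor:pointer}
footer a:hover{color:var(--acc)}
.fcol .fcol-h{color:var(--ink);font-size:.9rem;margin-bottom:.7rem;text-transform:uppercase;letter-spacing:.1em}
.fcol a{display:block;font-size:.92rem;padding:.2rem 0}

/* Scroll-reveal: elements start hidden and receive "in" from the page script */
.reveal{opacity:0;transform:translateY(28px);transition:opacity .7s ease,transform .7s ease}
.reveal.in{opacity:1;transform:none}
.reveal.d1{transition-delay:.08s}
.reveal.d2{transition-delay:.16s}
.reveal.d3{transition-delay:.24s}
@media(prefers-reduced-motion:reduce){
  .reveal{opacity:1;transform:none;transition:none}
  *,*::before,*::after{transition:none !important;animation:none !important;scroll-behavior:auto !important}
  .feat:hover,.lic .opt:hover,.feat.reveal.in:hover,.lic .opt.reveal.in:hover{transform:none}
  .hero::before{opacity:1}
  .hero .tarsier{opacity:1;transform:none}
}

/* Keyboard focus ring */
a:focus-visible,button:focus-visible,.feat:focus-visible,.lic .opt:focus-visible,.menu-btn:focus-visible{outline:2px solid var(--acc);outline-offset:3px;border-radius:8px}
.btn:focus-visible{outline-offset:3px}
:focus:not(:focus-visible){outline:0}

/* Print: light background, no navigation, demo or call-to-action blocks */
@media print{
  html,body{background:#fff !important;color:#000 !important}
  nav,.menu,.hero::before,.term,.hero-cta,.badges{display:none !important}
  .alt{background:#fff !important;border:none !important}
  .feat,.lic .opt{border:1px solid #ccc !important;background:#fff !important;color:#000 !important;box-shadow:none !important;transform:none !important}
  a{color:#000 !important;text-decoration:underline}
  .accent,.eyebrow,.stat .v,.feat .head .ic svg{color:#000 !important}
  .hero .tarsier{opacity:1 !important}
  *{animation:none !important}
}
</style>
</head>
<body>
<nav>
  <div class="wrap">
    <div class="brand"><img class="eyes" src="https://sqlmap.org/sqlmap-tarsier.png" alt="sqlmap tarsier"><span class="mono">sqlmap</span></div>
    <div class="navlinks">
      <!-- In-page links carry a real href so they are keyboard-focusable and still jump to the
           section if the page script does not run; the [data-scroll] click handler calls
           preventDefault and scrolls smoothly instead. -->
      <div class="desktop-nav">
        <a href="#introduction" data-scroll="introduction" data-spy="introduction">Intro</a>
        <a href="#features" data-scroll="features" data-spy="features">Capabilities</a>
        <a href="#demo" data-scroll="demo" data-spy="demo">Demo</a>
        <a href="#license" data-scroll="license" data-spy="license">Licensing</a>
      </div>
      <div class="menu" id="menu">
        <button class="menu-btn" id="menuBtn" type="button" aria-label="Open menu" aria-expanded="false"><span></span><span></span><span></span></button>
        <div class="menu-dropdown">
          <a href="#introduction" data-scroll="introduction">Intro</a>
          <a href="#features" data-scroll="features">Capabilities</a>
          <a href="#demo" data-scroll="demo">Demo</a>
          <a href="#license" data-scroll="license">Licensing</a>
          <div class="sep"></div>
          <a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener">Download on GitHub</a>
          <a href="mailto:sales@sqlmap.org">Commercial licensing</a>
        </div>
      </div>
    </div>
  </div>
</nav>

<header class="hero" id="introduction">
  <div class="wrap">
    <img class="tarsier" src="https://sqlmap.org/sqlmap-tarsier.png" alt="sqlmap tarsier">
    <h1>The tool that <span class="accent">sees every</span><br>SQL injection.</h1>
    <p class="lead">Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them.</p>
    <div class="hero-cta">
      <a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener" class="btn">Download on GitHub</a>
      <a href="mailto:sales@sqlmap.org" class="btn ghost">License it commercially</a>
    </div>
    <!-- The data-count values are static fallbacks; the page script replaces the first three
         with live figures from the GitHub API when that request succeeds. -->
    <div class="badges">
      <span class="badge">
        <svg viewBox="0 0 16 16" aria-hidden="true"><path d="M8 .25a.75.75 0 0 1 .673.418l1.882 3.815 4.21.612a.75.75 0 0 1 .416 1.279l-3.046 2.97.719 4.192a.751.751 0 0 1-1.088.791L8 12.347l-3.766 1.98a.75.75 0 0 1-1.088-.79l.72-4.194L.818 6.374a.75.75 0 0 1 .416-1.28l4.21-.611L7.327.668A.75.75 0 0 1 8 .25Z"/></svg>
        <b class="num" data-count="37.6" data-dec="1" data-suffix="k">1</b> stars
      </span>
      <span class="badge">
        <svg viewBox="0 0 16 16" aria-hidden="true"><path d="M5 5.372v.878c0 .414.336.75.75.75h4.5a.75.75 0 0 0 .75-.75v-.878a2.25 2.25 0 1 1 1.5 0v.878a2.25 2.25 0 0 1-2.25 2.25h-1.5v2.128a2.251 2.251 0 1 1-1.5 0V8.5h-1.5A2.25 2.25 0 0 1 3.5 6.25v-.878a2.25 2.25 0 1 1 1.5 0ZM5 3.25a.75.75 0 1 0-1.5 0 .75.75 0 0 0 1.5 0Zm6.75.75a.75.75 0 1 0 0-1.5.75.75 0 0 0 0 1.5Zm-3 8.75a.75.75 0 1 0-1.5 0 .75.75 0 0 0 1.5 0Z"/></svg>
        <b class="num" data-count="6.3" data-dec="1" data-suffix="k">1</b> forks
      </span>
      <span class="badge">
        <svg viewBox="0 0 16 16" aria-hidden="true"><path d="M8 2c1.981 0 3.671.992 4.933 2.078 1.27 1.091 2.187 2.345 2.637 3.023a1.62 1.62 0 0 1 0 1.798c-.45.678-1.367 1.932-2.637 3.023C11.67 13.008 9.981 14 8 14c-1.981 0-3.671-.992-4.933-2.078C1.797 10.831.88 9.577.43 8.899a1.62 1.62 0 0 1 0-1.798c.45-.677 1.367-1.931 2.637-3.023C4.33 2.992 6.019 2 8 2ZM1.679 7.932a.12.12 0 0 0 0 .136c.411.622 1.241 1.75 2.366 2.717C5.176 11.758 6.527 12.5 8 12.5c1.473 0 2.825-.742 3.955-1.715 1.124-.967 1.954-2.096 2.366-2.717a.12.12 0 0 0 0-.136c-.412-.621-1.242-1.75-2.366-2.717C10.824 4.242 9.473 3.5 8 3.5c-1.473 0-2.825.742-3.955 1.715-1.124.967-1.954 2.096-2.366 2.717ZM8 10a2 2 0 1 1-.001-3.999A2 2 0 0 1 8 10Z"/></svg>
        <b class="num" data-count="1.1" data-dec="1" data-suffix="k">1</b> watching
      </span>
      <span class="badge">
        <svg viewBox="0 0 16 16" aria-hidden="true"><path d="M2.75 14A1.75 1.75 0 0 1 1 12.25v-2.5a.75.75 0 0 1 1.5 0v2.5c0 .138.112.25.25.25h10.5a.25.25 0 0 0 .25-.25v-2.5a.75.75 0 0 1 1.5 0v2.5A1.75 1.75 0 0 1 13.25 14Zm5.47-1.78a.75.75 0 0 1-1.06 0L3.72 8.78a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018L7.25 9.94V1.75a.75.75 0 0 1 1.5 0v8.19l2.47-2.22a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042Z"/></svg>
        <b class="num" data-count="20000" data-comma="1" data-suffix="+">1</b> downloads/month
      </span>
    </div>
  </div>
</header>

<section id="stats" class="alt" style="padding:3.5rem 0;">
  <div class="wrap">
    <div class="stats">
      <div class="stat reveal"><div class="v num" data-count="5">5</div><div class="l">SQL injection techniques</div></div>
      <div class="stat reveal d1"><div class="v num" data-count="40" data-suffix="+">40+</div><div class="l">databases supported</div></div>
      <div class="stat reveal d2"><div class="v num" data-count="20">20</div><div class="l">years in active development</div></div>
      <div class="stat reveal d3"><div class="v num" data-count="130" data-suffix="+">130+</div><div class="l">contributors</div></div>
    </div>
  </div>
</section>

<section id="features">
  <div class="wrap">
    <div class="eyebrow reveal">Capabilities</div>
    <h2 class="sec reveal">Detection. Exploitation. Takeover.</h2>
    <p class="sec-sub reveal">A powerful detection engine paired with a deep arsenal for the serious penetration tester — from fingerprinting the backend to measuring real risk by exploiting what it finds.</p>
    <div class="features">
      <div class="feat reveal">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><path d="M12 22v-5"/><path d="M9 8V2"/><path d="M15 8V2"/><path d="M18 8v5a4 4 0 0 1-4 4h-4a4 4 0 0 1-4-4V8Z"/></svg></div>
          <h3>Battle-tested detection</h3>
        </div>
        <p>Two decades of real pentests and thousands of community <a href="https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue%20state%3Aclosed" target="_blank" rel="noopener">bug reports</a> across a vast range of technology stacks and edge cases have iteratively refined the detection engine to a high degree of accuracy.</p>
      </div>
      <div class="feat reveal d1">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><path d="m18 2 4 4"/><path d="m17 7 3-3"/><path d="M19 9 8.7 19.3c-1 1-2.5 1-3.4 0l-.6-.6c-1-1-1-2.5 0-3.4L15 5"/><path d="m9 11 4 4"/><path d="m5 19-3 3"/><path d="m14 4 6 6"/></svg></div>
          <h3>Five injection techniques</h3>
        </div>
        <p>Boolean-based blind, time-based blind, error-based, UNION query and stacked queries. Detection confirms the exact payload that exploits the flaw. <a href="https://github.com/sqlmapproject/sqlmap/wiki/Techniques" target="_blank" rel="noopener">See the techniques in detail →</a></p>
      </div>
      <div class="feat reveal d2">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><ellipse cx="12" cy="5" rx="9" ry="3"/><path d="M3 5v14a9 3 0 0 0 18 0V5"/><path d="M3 12a9 3 0 0 0 18 0"/></svg></div>
          <h3>Relational &amp; cloud backends</h3>
        </div>
        <p>Support for 40+ database backends — both traditional relational engines (MySQL, Oracle, PostgreSQL, SQL Server) and cloud data warehouses (Amazon Redshift, Snowflake, ClickHouse).</p>
      </div>
      <div class="feat reveal">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><path d="M2 12C2 6.5 6.5 2 12 2a10 10 0 0 1 8 4"/><path d="M5 19.5C5.5 18 6 15 6 12c0-.7.12-1.37.34-2"/><path d="M17.29 21.02c.12-.6.43-2.3.5-3.02"/><path d="M12 10a2 2 0 0 0-2 2c0 1.02-.1 2.51-.26 4"/><path d="M8.65 22c.21-.66.45-1.32.57-2"/><path d="M14 13.12c0 2.38 0 6.38-1 8.88"/><path d="M2 16h.01"/><path d="M21.8 16c.2-2 .13-5.35 0-6"/><path d="M9 6.8a6 6 0 0 1 9 5.2v2"/></svg></div>
          <h3>SQL dialect engine</h3>
        </div>
        <p>A robust engine for each backend's SQL dialect, with an active fingerprinting technique that identifies the database with precision.</p>
      </div>
      <div class="feat reveal d1">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><circle cx="11" cy="11" r="7"/><line x1="21" y1="21" x2="16.65" y2="16.65"/></svg></div>
          <h3>Search across databases</h3>
        </div>
        <p>Hunt down specific database names, tables across every database, or columns across every table — fast way to surface the tables holding credentials and other sensitive data.</p>
      </div>
      <div class="feat reveal d2">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><path d="m12 14 4-4"/><path d="M3.34 19a10 10 0 1 1 17.32 0"/></svg></div>
          <h3>Measure contextualized risk</h3>
        </div>
        <p>Exploiting and leveraging the injection measures risk in context — what the session user can actually reach. Enumerate the schema and exfiltrate the sensitive data within reach to show exactly what is at stake.</p>
      </div>
      <div class="feat reveal">
        <div class="head">
          <div class="ic"><svg viewBox="0 0 24 24"><polyline points="4 17 10 11 4 5"/><line x1="12" y1="19" x2="20" y2="19"/></svg></div>
          <h3>Takeover &amp; pivot</h3>
        </div>
        <p>Read and write the underlying file system, execute commands on the operating system where the backend permits, and pivot further into the network — demonstrating true blast radius.</p>
      </div>
    </div>
    <p class="sec-sub reveal" style="margin-top:2.2rem;margin-bottom:0;">See the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Features" target="_blank" rel="noopener">full feature list</a> on the wiki.</p>
  </div>
</section>

<section id="demo" class="alt">
  <div class="wrap">
    <div class="eyebrow reveal">Demo</div>
    <h2 class="sec reveal">See it in action.</h2>
    <p class="sec-sub reveal">A recorded sqlmap session — detection through exploitation, end to end.</p>
    <div class="term reveal">
      <div class="bar"><i></i><i></i><i></i><span class="term-title mono">sqlmap — session</span></div>
      <!-- The player is a script served by asciinema.org and runs in this page's origin with
           no integrity attribute, so the page trusts that host with full script access.
           Self-hosting the player or embedding it in a sandboxed frame would narrow that trust. -->
      <div class="demo-body">
        <script type="text/javascript" src="https://asciinema.org/a/46601.js" id="asciicast-46601" async></script>
        <noscript><p class="mono" style="color:var(--mut);">Enable JavaScript to watch the demo, or <a href="https://asciinema.org/a/46601" target="_blank" rel="noopener">view it on asciinema</a>.</p></noscript>
      </div>
    </div>
    <p class="sec-sub reveal" style="margin-top:1.6rem;margin-bottom:0;max-width:none;">Extensive <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" target="_blank" rel="noopener">usage documentation</a> covers every option, switch and example.</p>
  </div>
</section>

<section id="license">
  <div class="wrap">
    <div class="eyebrow reveal">Licensing</div>
    <h2 class="sec reveal">Dual-licensed by design.</h2>
    <p class="sec-sub reveal">Free and open for the community. A clean commercial license for companies embedding sqlmap into a proprietary product.</p>
    <div class="lic">
      <div class="opt reveal">
        <div class="tag">Open source</div>
        <h3>GPLv2</h3>
        <ul>
          <li>Free to use, study, modify and redistribute</li>
          <li>The choice for researchers, pentesters and DevSecOps</li>
          <li>Copyleft obligations extend to products that embed it</li>
        </ul>
        <a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener" class="btn">View on GitHub →</a>
      </div>
      <div class="opt com reveal d1">
        <div class="tag">For products</div>
        <h3>Commercial license</h3>
        <ul>
          <li>Embed sqlmap technology into a proprietary product</li>
          <li>Free of GPLv2 copyleft obligations</li>
          <li>The proven SQL injection engine your customers already trust</li>
        </ul>
        <a href="mailto:sales@sqlmap.org" class="btn">Contact us</a>
      </div>
    </div>
  </div>
</section>

<footer>
  <div class="wrap">
    <div class="fcol">
      <p class="fcol-h">Project</p>
      <a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener">GitHub repository</a>
      <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" target="_blank" rel="noopener">Documentation</a>
      <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" target="_blank" rel="noopener">FAQ</a>
    </div>
    <div class="fcol">
      <p class="fcol-h">Connect</p>
      <a href="https://x.com/sqlmap" target="_blank" rel="noopener">@sqlmap on X</a>
      <a href="mailto:dev@sqlmap.org">Contact the team</a>
      <a href="mailto:sales@sqlmap.org">Commercial licensing</a>
    </div>
  </div>
  <div class="wrap" style="margin-top:2rem;font-size:.85rem;opacity:.7;">© 2006–2026 Bernardo Damele and Miroslav Stampar.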
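Dual-licensed under GPLv2 and a commercial license.</div></footer>
<script>
// Page behaviour for the landing page. The code below only toggles classes and attributes
// and writes counter text through textContent; it never builds markup from strings, so
// values fetched from the network cannot inject HTML.

// Adds the "scrolled" class to the sticky nav once the page has moved more than 8px.
(function () {
  const navEl = document.querySelector('nav');
  if (!navEl) return;
  const onScroll = () => {
    navEl.classList.toggle('scrolled', window.scrollY > 8);
  };
  window.addEventListener('scroll', onScroll, { passive: true });
  onScroll();
})();

// Mobile menu container and its toggle button (either may be null if the markup changes).
const menu = document.getElementById('menu');
const menuBtn = document.getElementById('menuBtn');

// Opens or closes the mobile menu. Every open/close path goes through here so that the
// button's aria-expanded attribute always matches the "open" class.
function setMenuOpen(open) {
  if (!menu) return;
  menu.classList.toggle('open', open);
  if (menuBtn) menuBtn.setAttribute('aria-expanded', open ? 'true' : 'false');
}

// Smooth-scrolls to the element with the given id; an unknown id is ignored.
function scrollToId(id) {
  const t = document.getElementById(id);
  if (t) t.scrollIntoView({ behavior: 'smooth', block: 'start' });
}

// In-page navigation: scroll to the section named in data-scroll and close the menu.
document.querySelectorAll('[data-scroll]').forEach(a => {
  a.addEventListener('click', e => {
    e.preventDefault();
    scrollToId(a.dataset.scroll);
    setMenuOpen(false);
  });
});

// Scroll spy: marks the desktop nav link of the section crossing the middle band of the
// viewport (rootMargin trims 45% from the top and bottom) as "active".
(function () {
  const spyLinks = [...document.querySelectorAll('.desktop-nav a[data-spy]')];
  if (!spyLinks.length) return;
  const sections = spyLinks
    .map(a => document.getElementById(a.dataset.spy))
    .filter(Boolean);

  function setActive(id) {
    spyLinks.forEach(a => a.classList.toggle('active', a.dataset.spy === id));
  }

  const spyObserver = new IntersectionObserver(entries => {
    let best = null, bestRatio = 0;
    entries.forEach(e => {
      if (e.isIntersecting && e.intersectionRatio > bestRatio) {
        best = e.target.id;
        bestRatio = e.intersectionRatio;
      }
    });
    if (best) setActive(best);
  }, { rootMargin: '-45% 0px -45% 0px', threshold: [0, .25, .5, .75, 1] });
  sections.forEach(s => spyObserver.observe(s));
})();

// Menu button toggles the dropdown; a click anywhere outside the menu closes it.
if (menu && menuBtn) {
  menuBtn.addEventListener('click', e => {
    e.stopPropagation();
    setMenuOpen(!menu.classList.contains('open'));
  });
}
document.addEventListener('click', e => {
  if (menu && !menu.contains(e.target)) setMenuOpen(false);
});

// mailto: links additionally hand their URL to the top-level window, presumably so they
// work when this page is displayed inside a frame; the catch covers the case where
// touching window.top throws. Only anchors whose static href starts with "mailto:" are
// selected, so no other URL scheme is ever navigated this way. The default click action is
// not prevented.
document.querySelectorAll('a[href^="mailto:"]').forEach(a => {
  a.addEventListener('click', () => {
    const href = a.getAttribute('href');
    try {
      window.top.location.href = href;
    } catch (err) {
      window.location.href = href;
    }
  });
});

// Scroll-reveal: add "in" the first time a .reveal element enters the viewport.
const io = new IntersectionObserver(entries => {
  entries.forEach(e => {
    if (e.isIntersecting) {
      e.target.classList.add('in');
      io.unobserve(e.target);
    }
  });
}, { threshold: 0.15, rootMargin: '0px 0px -8% 0px' });
document.querySelectorAll('.reveal').forEach(el => io.observe(el));

// Formats counter value v for element el using its data-dec (decimal places), data-comma
// (en-US thousands separators), data-prefix and data-suffix attributes. Without decimals
// the value is rounded and never shown below 1.
function fmt(v, el) {
  const dec = +(el.dataset.dec || 0);
  let s = dec > 0 ? v.toFixed(dec) : Math.max(1, Math.round(v)).toString();
  if (el.dataset.comma) s = Math.max(1, Math.round(v)).toLocaleString('en-US');
  return (el.dataset.prefix || '') + s + (el.dataset.suffix || '');
}

// Animates el from 0 up to its data-count over 1100 ms with an ease-out cubic curve.
// Runs at most once per element (data-done) and jumps straight to the final value when
// the user prefers reduced motion.
function countUp(el) {
  if (el.dataset.done) return;
  el.dataset.done = '1';
  const target = +el.dataset.count, dur = 1100, start = performance.now();
  if (window.matchMedia && window.matchMedia('(prefers-reduced-motion: reduce)').matches) {
    el.textContent = fmt(target, el);
    return;
  }
  function tick(now) {
    const p = Math.min((now - start) / dur, 1);
    const eased = 1 - Math.pow(1 - p, 3);
    el.textContent = fmt(eased * target, el);
    if (p < 1) requestAnimationFrame(tick);
    else el.textContent = fmt(target, el);
  }
  requestAnimationFrame(tick);
}

// Starts the counter animation for every .num element inside scope.
function animate(scope) {
  scope.querySelectorAll('.num').forEach(countUp);
}

// Converts a raw count to thousands with one decimal place (37612 -> 37.6).
function toK(n) {
  return Math.round(n / 100) / 10;
}

// Refreshes the first three hero badges (stars, forks, watchers) from the GitHub REST API,
// then starts the counters. This is an unauthenticated cross-origin request sent from each
// visitor's browser on load, so it is subject to GitHub's rate limiting and the static
// data-count values in the markup remain the fallback.
async function initHeroBadges() {
  const nums = [...document.querySelectorAll('header .num')];
  // Badge position -> field of the repository object returned by the API.
  const fields = ['stargazers_count', 'forks_count', 'subscribers_count'];
  try {
    const r = await fetch('https://api.github.com/repos/sqlmapproject/sqlmap');
    if (r.ok) {
      const d = await r.json();
      fields.forEach((key, i) => {
        const n = d[key];
        // Treat the response as untrusted: accept only finite positive numbers, and skip
        // badges that are missing from the markup.
        if (nums[i] && typeof n === 'number' && Number.isFinite(n) && n > 0) {
          nums[i].dataset.count = toK(n);
          nums[i].dataset.dec = '1';
        }
      });
    }
  } catch (e) {
    // Best effort: on a network or parse failure the static fallback values are shown.
  }
  nums.forEach(countUp);
}
window.addEventListener('load', initHeroBadges);

// Stats strip: animate when it scrolls into view, or on load if it is already visible.
const statsSec = document.getElementById('stats');
const statsObserver = new IntersectionObserver(entries => {
  entries.forEach(e => {
    if (e.isIntersecting) {
      animate(e.target);
      statsObserver.unobserve(e.target);
    }
  });
}, { threshold: 0.2 });
if (statsSec) {
  statsObserver.observe(statsSec);
  window.addEventListener('load', () => {
    const r = statsSec.getBoundingClientRect();
    if (r.top < window.innerHeight && r.bottom > 0) animate(statsSec);
  });
}
</script></body></html>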