sqlmap/index.html
Bernardo Damele A. G. 1a0fe21916
Added back GA script
2026-06-14 01:11:59 +02:00

46 lines
29 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="theme-color" content="#0e1118"><meta name="color-scheme" content="dark"><title>sqlmap — automatic SQL injection and database takeover tool</title><script async src="https://www.googletagmanager.com/gtag/js?id=G-PK2GTNDFZ6"></script><script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-PK2GTNDFZ6');
</script><meta name="description" content="sqlmap is an open-source penetration testing tool that automates detecting and exploiting SQL injection flaws and taking over the databases behind them. Dual-licensed under GPLv2 and a commercial license."><meta name="author" content="Bernardo Damele, Miroslav Stampar"><link rel="canonical" href="https://sqlmap.org/"><link rel="icon" href="favicon.ico" sizes="any"><link rel="icon" type="image/png" sizes="32x32" href="favicon-32.png"><link rel="apple-touch-icon" href="apple-touch-icon.png"><meta property="og:type" content="website"><meta property="og:title" content="sqlmap — automatic SQL injection and database takeover tool"><meta property="og:description" content="Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them. Dual-licensed: GPLv2 and commercial."><meta property="og:image" content="https://sqlmap.org/sqlmap-og.png"><meta property="og:image:width" content="1200"><meta property="og:image:height" content="630"><meta property="og:url" content="https://sqlmap.org/"><meta property="og:site_name" content="sqlmap"><meta property="article:published_time" content="2006-07-25T00:00:00+00:00"><meta property="article:modified_time" content="2026-06-07T00:00:00+00:00"><meta property="article:author" content="Bernardo Damele"><meta property="article:author" content="Miroslav Stampar"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:title" content="sqlmap — automatic SQL injection and database takeover tool"><meta name="twitter:description" content="Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them. Dual-licensed: GPLv2 and commercial."><meta name="twitter:image" content="https://sqlmap.org/sqlmap-og.png"><meta name="twitter:site" content="@sqlmap"><link rel="preconnect" href="https://fonts.googleapis.com"><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><link href="https://fonts.googleapis.com/css2?family=Outfit:wght@400;500;600;700;800&family=Space+Mono:wght@400;700&display=swap" rel="stylesheet"><script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "SoftwareApplication",
"name": "sqlmap",
"applicationCategory": "SecurityApplication",
"operatingSystem": "Cross-platform",
"description": "Open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over the databases behind them.",
"url": "https://sqlmap.org/",
"downloadUrl": "https://github.com/sqlmapproject/sqlmap",
"license": "https://www.gnu.org/licenses/old-licenses/gpl-2.0.html",
"author": [
{ "@type": "Person", "name": "Bernardo Damele" },
{ "@type": "Person", "name": "Miroslav Stampar" }
],
"sameAs": [
"https://github.com/sqlmapproject/sqlmap",
"https://x.com/sqlmap"
],
"datePublished": "2006-07-25",
"dateModified": "2026-06-07",
"offers": {
"@type": "Offer",
"price": "0",
"priceCurrency": "USD",
"description": "Free and open source under GPLv2; commercial license available for embedding in proprietary products."
}
}
</script><style>*{margin:0;padding:0;box-sizing:border-box}:root{--bg:#0e1118;--bg2:#06070c;--panel:#171b22;--panel2:#1e232b;--ink:#e8edf3;--mut:#9aa4b2;--acc:#f0883e;--acc2:#ffb454;--line:#2a303a;--green:#3fb950;--footer:#040509}html{scroll-behavior:smooth;color-scheme:dark}body{font-family:'Outfit','Segoe UI',system-ui,-apple-system,sans-serif;background:var(--bg);color:var(--ink);line-height:1.6;overflow-x:hidden}.mono{font-family:'Space Mono','SF Mono',Consolas,'Courier New',monospace}a{color:var(--acc);text-decoration:none}.wrap{max-width:1100px;margin:0 auto;padding:0 24px}.accent{color:var(--acc)}nav{position:sticky;top:0;z-index:50;background:rgba(14,17,24,.82);backdrop-filter:blur(12px);border-bottom:1px solid var(--line);transition:box-shadow .25s ease,background .25s ease}nav.scrolled{box-shadow:0 8px 30px rgba(0,0,0,.45);background:rgba(14,17,24,.92)}nav .wrap{display:flex;align-items:center;justify-content:space-between;height:64px}.brand{display:flex;align-items:center;gap:10px;font-weight:700;font-size:1.2rem;letter-spacing:-.02em}.brand .eyes{width:52px;height:auto;flex:0 0 auto}.navlinks{display:flex;gap:28px;align-items:center}.navlinks a{color:var(--mut);font-size:.95rem;transition:.2s;cursor:pointer}.navlinks a:hover{color:var(--ink)}.btn{background:var(--acc);color:#fff;padding:.55rem 1.1rem;border-radius:8px;font-weight:600;font-size:.9rem;transition:.2s;border:1px solid var(--acc);cursor:pointer;display:inline-block}.btn:hover{background:var(--acc2);border-color:var(--acc2);color:#1a1206}.btn.ghost{background:transparent;color:var(--acc)}.btn.ghost:hover{background:rgba(240,136,62,.10);color:var(--acc)}.desktop-nav{display:flex;gap:26px;align-items:center}.desktop-nav a{position:relative;color:var(--mut);font-size:.95rem;cursor:pointer;padding:.3rem 0;transition:color .2s}.desktop-nav a::after{content:"";position:absolute;left:0;right:0;bottom:-2px;height:2px;background:var(--acc);transform:scaleX(0);transform-origin:left;transition:transform .25s ease}.desktop-nav a:hover{color:var(--ink)}.desktop-nav a:hover::after{transform:scaleX(1)}.desktop-nav a.active{color:var(--ink)}.desktop-nav a.active::after{transform:scaleX(1)}.menu{position:relative}.menu-btn{display:flex;flex-direction:column;justify-content:center;gap:5px;width:42px;height:42px;border:1px solid var(--line);border-radius:9px;background:var(--panel);cursor:pointer;align-items:center;transition:.2s}.menu-btn span{display:block;width:18px;height:2px;background:var(--ink);border-radius:2px;transition:.25s}.menu-btn:hover,.menu.open .menu-btn{border-color:var(--acc)}.menu.open .menu-btn span:nth-child(1){transform:translateY(7px) rotate(45deg)}.menu.open .menu-btn span:nth-child(2){opacity:0}.menu.open .menu-btn span:nth-child(3){transform:translateY(-7px) rotate(-45deg)}.menu-dropdown{position:absolute;top:calc(100% + 8px);right:0;min-width:230px;background:var(--panel);border:1px solid var(--line);border-radius:12px;padding:.6rem;opacity:0;visibility:hidden;transform:translateY(-8px);transition:.2s;box-shadow:0 18px 50px rgba(0,0,0,.55)}.menu.open .menu-dropdown,.menu:hover .menu-dropdown{opacity:1;visibility:visible;transform:none}.menu-dropdown a{display:block;color:var(--ink);font-size:.95rem;padding:.6rem .8rem;border-radius:8px;transition:.15s;cursor:pointer}.menu-dropdown a:hover{background:var(--panel2);color:var(--acc)}.menu-dropdown .sep{height:1px;background:var(--line);margin:.4rem 0}.menu{display:none}@media(max-width:720px){.desktop-nav{display:none}.menu{display:block}}.hero{padding:clamp(3.5rem,9vw,7rem) 0 4rem;text-align:center;position:relative}.hero::before{content:"";position:absolute;inset:0;background:radial-gradient(ellipse 60% 50% at 50% 0,rgba(240,136,62,.12),transparent 70%);pointer-events:none;opacity:0;animation:heroGlowIn 1.4s ease-out .15s forwards}.hero .tarsier{width:clamp(200px,55vw,340px);height:auto;display:block;margin:0 auto 1.6rem;opacity:0;transform:scale(.92);animation:tarsierIn 1s ease-out .1s forwards}@keyframes heroGlowIn{from{opacity:0}to{opacity:1}}@keyframes tarsierIn{from{opacity:0;transform:scale(.92)}to{opacity:1;transform:scale(1)}}.hero h1{font-size:clamp(2.1rem,7vw,3.4rem);line-height:1.08;font-weight:800;letter-spacing:-.03em;margin-bottom:1.2rem}.hero p.lead{font-size:clamp(1.05rem,3.5vw,1.3rem);color:var(--mut);max-width:46ch;margin:0 auto 2.2rem}.hero-cta{display:flex;gap:14px;justify-content:center;flex-wrap:wrap}.badges{display:flex;gap:10px;justify-content:center;flex-wrap:wrap;margin-top:2.4rem}.badge{display:inline-flex;align-items:center;gap:.45rem;font-family:'Space Mono','SF Mono',monospace;font-size:.8rem;color:var(--mut);border:1px solid var(--line);border-radius:999px;padding:.4rem .9rem;background:var(--panel)}.badge svg{width:14px;height:14px;fill:var(--acc);flex:0 0 auto}.badge b{color:var(--acc)}.term{max-width:760px;margin:2rem auto 0;background:#04050a;border:1px solid var(--line);border-radius:12px;overflow:hidden;text-align:left;box-shadow:0 24px 60px rgba(0,0,0,.5)}.term .bar{display:flex;align-items:center;gap:7px;padding:12px 14px;border-bottom:1px solid var(--line);background:var(--panel)}.term .bar i{width:11px;height:11px;border-radius:50%;display:inline-block}.term .bar i:nth-child(1){background:#ff5f56}.term .bar i:nth-child(2){background:#ffbd2e}.term .bar i:nth-child(3){background:#27c93f}.term .bar .term-title{margin-left:auto;color:var(--mut);font-size:.8rem;letter-spacing:.02em}.term .demo-body{padding:0;font-size:0;line-height:0;overflow:hidden}.term .demo-body asciinema-player,.term .demo-body .asciinema-player,.term .demo-body div,.term .demo-body iframe{margin:0 !important;display:block;vertical-align:top}.term .demo-body iframe,.term .demo-body asciinema-player,.term .demo-body .asciinema-player,.term .demo-body>div{margin-bottom:-12px !important}section{padding:5rem 0}.alt{background:var(--bg2);border-top:1px solid var(--line);border-bottom:1px solid var(--line)}.eyebrow{color:var(--acc);font-family:'Space Mono','SF Mono',monospace;font-size:.8rem;letter-spacing:.2em;text-transform:uppercase;margin-bottom:.8rem}h2.sec{font-size:2.2rem;font-weight:800;letter-spacing:-.02em;margin-bottom:1rem}.sec-sub{color:var(--mut);font-size:1.1rem;margin-bottom:2.6rem}.features{display:grid;grid-template-columns:repeat(3,1fr);gap:1.4rem}@media(max-width:860px){.features{grid-template-columns:1fr}}.feat,.lic .opt{background:var(--panel);border:1px solid var(--line);border-radius:14px;padding:1.6rem;transition:border-color .2s ease,background .2s ease,transform .2s ease}.feat:hover,.lic .opt:hover,.feat.reveal.in:hover,.lic .opt.reveal.in:hover{border-color:var(--acc);transform:translateY(-3px);background:linear-gradient(180deg,rgba(240,136,62,.07),var(--panel));transition:border-color .2s ease,background .2s ease,transform .2s ease;transition-delay:0s}.feat.reveal.in,.lic .opt.reveal.in{transition:border-color .2s ease,background .2s ease,transform .2s ease;transition-delay:0s}.feat .head{display:flex;align-items:center;gap:.7rem;margin-bottom:.7rem}.feat .ic{width:42px;height:42px;border-radius:11px;background:rgba(240,136,62,.10);border:1px solid rgba(240,136,62,.22);display:flex;align-items:center;justify-content:center;flex:0 0 auto}.feat .ic svg{width:21px;height:21px;stroke:var(--acc);fill:none;stroke-width:1.8;stroke-linecap:round;stroke-linejoin:round}.feat h3{font-size:1.12rem}.feat p{color:var(--mut);font-size:.96rem}.stats{display:grid;grid-template-columns:repeat(4,1fr);gap:1.4rem;text-align:center}@media(max-width:720px){.stats{grid-template-columns:repeat(2,1fr)}}.stat .v{font-family:'Space Mono','SF Mono',monospace;font-size:2.9rem;font-weight:700;color:var(--acc)}.stat .l{color:var(--mut);font-size:1.05rem;margin-top:.4rem}.lic{display:grid;grid-template-columns:1fr 1fr;gap:1.6rem}@media(max-width:720px){.lic{grid-template-columns:1fr}}.lic .opt{display:flex;flex-direction:column;padding:2rem}.lic .opt .tag{font-family:'Space Mono','SF Mono',monospace;font-size:.75rem;letter-spacing:.14em;text-transform:uppercase;color:var(--mut)}.lic .opt.com .tag{color:var(--acc)}.lic .opt h3{font-size:1.5rem;margin:.5rem 0 1rem}.lic .opt ul{list-style:none;flex:1}.lic .opt li{color:var(--mut);padding:.4rem 0 .4rem 1.6rem;position:relative;font-size:.96rem}.lic .opt li::before{content:"✓";position:absolute;left:0;color:var(--acc)}.lic .opt .btn{margin-top:1.2rem;align-self:flex-start}footer{background:var(--footer);border-top:1px solid rgba(240,136,62,.25);padding:3.5rem 0 3rem;color:var(--mut);box-shadow:inset 0 14px 40px rgba(0,0,0,.4)}footer .wrap{display:flex;justify-content:space-between;flex-wrap:wrap;gap:1.4rem}footer a{color:var(--mut);cursor:pointer}footer a:hover{color:var(--acc)}.fcol .fcol-h{color:var(--ink);font-size:.9rem;margin-bottom:.7rem;text-transform:uppercase;letter-spacing:.1em}.fcol a{display:block;font-size:.92rem;padding:.2rem 0}.reveal{opacity:0;transform:translateY(28px);transition:opacity .7s ease,transform .7s ease}.reveal.in{opacity:1;transform:none}.reveal.d1{transition-delay:.08s}.reveal.d2{transition-delay:.16s}.reveal.d3{transition-delay:.24s}@media(prefers-reduced-motion:reduce){.reveal{opacity:1;transform:none;transition:none}*,*::before,*::after{transition:none !important;animation:none !important;scroll-behavior:auto !important}.feat:hover,.lic .opt:hover,.feat.reveal.in:hover,.lic .opt.reveal.in:hover{transform:none}.hero::before{opacity:1}.hero .tarsier{opacity:1;transform:none}}a:focus-visible,button:focus-visible,.feat:focus-visible,.lic .opt:focus-visible,.menu-btn:focus-visible{outline:2px solid var(--acc);outline-offset:3px;border-radius:8px}.btn:focus-visible{outline-offset:3px}:focus:not(:focus-visible){outline:0}@media print{html,body{background:#fff !important;color:#000 !important}nav,.menu,.hero::before,.term,.hero-cta,.badges{display:none !important}.alt{background:#fff !important;border:none !important}.feat,.lic .opt{border:1px solid #ccc !important;background:#fff !important;color:#000 !important;box-shadow:none !important;transform:none !important}a{color:#000 !important;text-decoration:underline}.accent,.eyebrow,.stat .v,.feat .head .ic svg{color:#000 !important}.hero .tarsier{opacity:1 !important}*{animation:none !important}}</style></head><body><nav><div class="wrap"><div class="brand"><img class="eyes" src="https://sqlmap.org/sqlmap-tarsier.png" alt="sqlmap tarsier"><span class="mono">sqlmap</span></div><div class="navlinks"><div class="desktop-nav"><a data-scroll="introduction" data-spy="introduction">Intro</a><a data-scroll="features" data-spy="features">Capabilities</a><a data-scroll="demo" data-spy="demo">Demo</a><a data-scroll="license" data-spy="license">Licensing</a></div><div class="menu" id="menu"><button class="menu-btn" id="menuBtn" aria-label="Open menu" aria-expanded="false"><span></span><span></span><span></span></button><div class="menu-dropdown"><a data-scroll="introduction">Intro</a><a data-scroll="features">Capabilities</a><a data-scroll="demo">Demo</a><a data-scroll="license">Licensing</a><div class="sep"></div><a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener">Download on GitHub</a><a href="mailto:sales@sqlmap.org">Commercial licensing</a></div></div></div></div></nav><header class="hero" id="introduction"><div class="wrap"><img class="tarsier" src="https://sqlmap.org/sqlmap-tarsier.png" alt="sqlmap tarsier"><h1>The tool that <span class="accent">sees every</span><br>SQL injection.</h1><p class="lead">Open-source automation for detecting and exploiting SQL injection flaws — and taking over the databases behind them.</p><div class="hero-cta"><a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener" class="btn">Download on GitHub</a><a href="mailto:sales@sqlmap.org" class="btn ghost">License it commercially</a></div><div class="badges"><span class="badge"><svg viewBox="0 0 16 16" aria-hidden="true"><path d="M8 .25a.75.75 0 0 1 .673.418l1.882 3.815 4.21.612a.75.75 0 0 1 .416 1.279l-3.046 2.97.719 4.192a.751.751 0 0 1-1.088.791L8 12.347l-3.766 1.98a.75.75 0 0 1-1.088-.79l.72-4.194L.818 6.374a.75.75 0 0 1 .416-1.28l4.21-.611L7.327.668A.75.75 0 0 1 8 .25Z"/></svg><b class="num" data-count="37.6" data-dec="1" data-suffix="k">1</b> stars</span><span class="badge"><svg viewBox="0 0 16 16" aria-hidden="true"><path d="M5 5.372v.878c0 .414.336.75.75.75h4.5a.75.75 0 0 0 .75-.75v-.878a2.25 2.25 0 1 1 1.5 0v.878a2.25 2.25 0 0 1-2.25 2.25h-1.5v2.128a2.251 2.251 0 1 1-1.5 0V8.5h-1.5A2.25 2.25 0 0 1 3.5 6.25v-.878a2.25 2.25 0 1 1 1.5 0ZM5 3.25a.75.75 0 1 0-1.5 0 .75.75 0 0 0 1.5 0Zm6.75.75a.75.75 0 1 0 0-1.5.75.75 0 0 0 0 1.5Zm-3 8.75a.75.75 0 1 0-1.5 0 .75.75 0 0 0 1.5 0Z"/></svg><b class="num" data-count="6.3" data-dec="1" data-suffix="k">1</b> forks</span><span class="badge"><svg viewBox="0 0 16 16" aria-hidden="true"><path d="M8 2c1.981 0 3.671.992 4.933 2.078 1.27 1.091 2.187 2.345 2.637 3.023a1.62 1.62 0 0 1 0 1.798c-.45.678-1.367 1.932-2.637 3.023C11.67 13.008 9.981 14 8 14c-1.981 0-3.671-.992-4.933-2.078C1.797 10.831.88 9.577.43 8.899a1.62 1.62 0 0 1 0-1.798c.45-.677 1.367-1.931 2.637-3.023C4.33 2.992 6.019 2 8 2ZM1.679 7.932a.12.12 0 0 0 0 .136c.411.622 1.241 1.75 2.366 2.717C5.176 11.758 6.527 12.5 8 12.5c1.473 0 2.825-.742 3.955-1.715 1.124-.967 1.954-2.096 2.366-2.717a.12.12 0 0 0 0-.136c-.412-.621-1.242-1.75-2.366-2.717C10.824 4.242 9.473 3.5 8 3.5c-1.473 0-2.825.742-3.955 1.715-1.124.967-1.954 2.096-2.366 2.717ZM8 10a2 2 0 1 1-.001-3.999A2 2 0 0 1 8 10Z"/></svg><b class="num" data-count="1.1" data-dec="1" data-suffix="k">1</b> watching</span><span class="badge"><svg viewBox="0 0 16 16" aria-hidden="true"><path d="M2.75 14A1.75 1.75 0 0 1 1 12.25v-2.5a.75.75 0 0 1 1.5 0v2.5c0 .138.112.25.25.25h10.5a.25.25 0 0 0 .25-.25v-2.5a.75.75 0 0 1 1.5 0v2.5A1.75 1.75 0 0 1 13.25 14Zm5.47-1.78a.75.75 0 0 1-1.06 0L3.72 8.78a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018L7.25 9.94V1.75a.75.75 0 0 1 1.5 0v8.19l2.47-2.22a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042Z"/></svg><b class="num" data-count="20000" data-comma="1" data-suffix="+">1</b> downloads/month</span></div></div></header><section id="stats" class="alt" style="padding:3.5rem 0;"><div class="wrap"><div class="stats"><div class="stat reveal"><div class="v num" data-count="5">5</div><div class="l">SQL injection techniques</div></div><div class="stat reveal d1"><div class="v num" data-count="40" data-suffix="+">40+</div><div class="l">databases supported</div></div><div class="stat reveal d2"><div class="v num" data-count="20">20</div><div class="l">years in active development</div></div><div class="stat reveal d3"><div class="v num" data-count="130" data-suffix="+">130+</div><div class="l">contributors</div></div></div></div></section><section id="features"><div class="wrap"><div class="eyebrow reveal">Capabilities</div><h2 class="sec reveal">Detection. Exploitation. Takeover.</h2><p class="sec-sub reveal">A powerful detection engine paired with a deep arsenal for the serious penetration tester — from fingerprinting the backend to measuring real risk by exploiting what it finds.</p><div class="features"><div class="feat reveal"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><path d="M12 22v-5"/><path d="M9 8V2"/><path d="M15 8V2"/><path d="M18 8v5a4 4 0 0 1-4 4h-4a4 4 0 0 1-4-4V8Z"/></svg></div><h3>Battle-tested detection</h3></div><p>Two decades of real pentests and thousands of community <a href="https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue%20state%3Aclosed" target="_blank" rel="noopener">bug reports</a> across a vast range of technology stacks and edge cases have iteratively refined the detection engine to a high degree of accuracy.</p></div><div class="feat reveal d1"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><path d="m18 2 4 4"/><path d="m17 7 3-3"/><path d="M19 9 8.7 19.3c-1 1-2.5 1-3.4 0l-.6-.6c-1-1-1-2.5 0-3.4L15 5"/><path d="m9 11 4 4"/><path d="m5 19-3 3"/><path d="m14 4 6 6"/></svg></div><h3>Five injection techniques</h3></div><p>Boolean-based blind, time-based blind, error-based, UNION query and stacked queries. Detection confirms the exact payload that exploits the flaw. <a href="https://github.com/sqlmapproject/sqlmap/wiki/Techniques" target="_blank" rel="noopener">See the techniques in detail →</a></p></div><div class="feat reveal d2"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><ellipse cx="12" cy="5" rx="9" ry="3"/><path d="M3 5v14a9 3 0 0 0 18 0V5"/><path d="M3 12a9 3 0 0 0 18 0"/></svg></div><h3>Relational &amp; cloud backends</h3></div><p>Support for 40+ database backends — both traditional relational engines (MySQL, Oracle, PostgreSQL, SQL Server) and cloud data warehouses (Amazon Redshift, Snowflake, ClickHouse).</p></div><div class="feat reveal"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><path d="M2 12C2 6.5 6.5 2 12 2a10 10 0 0 1 8 4"/><path d="M5 19.5C5.5 18 6 15 6 12c0-.7.12-1.37.34-2"/><path d="M17.29 21.02c.12-.6.43-2.3.5-3.02"/><path d="M12 10a2 2 0 0 0-2 2c0 1.02-.1 2.51-.26 4"/><path d="M8.65 22c.21-.66.45-1.32.57-2"/><path d="M14 13.12c0 2.38 0 6.38-1 8.88"/><path d="M2 16h.01"/><path d="M21.8 16c.2-2 .13-5.35 0-6"/><path d="M9 6.8a6 6 0 0 1 9 5.2v2"/></svg></div><h3>SQL dialect engine</h3></div><p>A robust engine for each backend's SQL dialect, with an active fingerprinting technique that identifies the database with precision.</p></div><div class="feat reveal d1"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><circle cx="11" cy="11" r="7"/><line x1="21" y1="21" x2="16.65" y2="16.65"/></svg></div><h3>Search across databases</h3></div><p>Hunt down specific database names, tables across every database, or columns across every table — fast way to surface the tables holding credentials and other sensitive data.</p></div><div class="feat reveal d2"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><path d="m12 14 4-4"/><path d="M3.34 19a10 10 0 1 1 17.32 0"/></svg></div><h3>Measure contextualized risk</h3></div><p>Exploiting and leveraging the injection measures risk in context — what the session user can actually reach. Enumerate the schema and exfiltrate the sensitive data within reach to show exactly what is at stake.</p></div><div class="feat reveal"><div class="head"><div class="ic"><svg viewBox="0 0 24 24"><polyline points="4 17 10 11 4 5"/><line x1="12" y1="19" x2="20" y2="19"/></svg></div><h3>Takeover &amp; pivot</h3></div><p>Read and write the underlying file system, execute commands on the operating system where the backend permits, and pivot further into the network — demonstrating true blast radius.</p></div></div><p class="sec-sub reveal" style="margin-top:2.2rem;margin-bottom:0;">See the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Features" target="_blank" rel="noopener">full feature list</a> on the wiki.</p></div></section><section id="demo" class="alt"><div class="wrap"><div class="eyebrow reveal">Demo</div><h2 class="sec reveal">See it in action.</h2><p class="sec-sub reveal">A recorded sqlmap session — detection through exploitation, end to end.</p><div class="term reveal"><div class="bar"><i></i><i></i><i></i><span class="term-title mono">sqlmap — session</span></div><div class="demo-body"><script type="text/javascript" src="https://asciinema.org/a/46601.js" id="asciicast-46601" async></script><noscript><p class="mono" style="color:var(--mut);">Enable JavaScript to watch the demo, or <a href="https://asciinema.org/a/46601" target="_blank" rel="noopener">view it on asciinema</a>.</p></noscript></div></div><p class="sec-sub reveal" style="margin-top:1.6rem;margin-bottom:0;max-width:none;">Extensive <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" target="_blank" rel="noopener">usage documentation</a> covers every option, switch and example.</p></div></section><section id="license"><div class="wrap"><div class="eyebrow reveal">Licensing</div><h2 class="sec reveal">Dual-licensed by design.</h2><p class="sec-sub reveal">Free and open for the community. A clean commercial license for companies embedding sqlmap into a proprietary product.</p><div class="lic"><div class="opt reveal"><div class="tag">Open source</div><h3>GPLv2</h3><ul><li>Free to use, study, modify and redistribute</li><li>The choice for researchers, pentesters and DevSecOps</li><li>Copyleft obligations extend to products that embed it</li></ul><a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener" class="btn">View on GitHub →</a></div><div class="opt com reveal d1"><div class="tag">For products</div><h3>Commercial license</h3><ul><li>Embed sqlmap technology into a proprietary product</li><li>Free of GPLv2 copyleft obligations</li><li>The proven SQL injection engine your customers already trust</li></ul><a href="mailto:sales@sqlmap.org" class="btn">Contact us</a></div></div></div></section><footer><div class="wrap"><div class="fcol"><p class="fcol-h">Project</p><a href="https://github.com/sqlmapproject/sqlmap" target="_blank" rel="noopener">GitHub repository</a><a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" target="_blank" rel="noopener">Documentation</a><a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" target="_blank" rel="noopener">FAQ</a></div><div class="fcol"><p class="fcol-h">Connect</p><a href="https://x.com/sqlmap" target="_blank" rel="noopener">@sqlmap on X</a><a href="mailto:dev@sqlmap.org">Contact the team</a><a href="mailto:sales@sqlmap.org">Commercial licensing</a></div></div><div class="wrap" style="margin-top:2rem;font-size:.85rem;opacity:.7;">© 20062026 Bernardo Damele and Miroslav Stampar. Dual-licensed under GPLv2 and a commercial license.</div></footer><script>(function(){const navEl=document.querySelector('nav');if(!navEl)return;const onScroll=()=>{navEl.classList.toggle('scrolled',window.scrollY>8);};window.addEventListener('scroll',onScroll,{passive:true});onScroll();})();function scrollToId(id){const t=document.getElementById(id);if(t)t.scrollIntoView({behavior:'smooth',block:'start'});}
document.querySelectorAll('[data-scroll]').forEach(a=>{a.addEventListener('click',e=>{e.preventDefault();scrollToId(a.dataset.scroll);menu.classList.remove('open');});});(function(){const spyLinks=[...document.querySelectorAll('.desktop-nav a[data-spy]')];if(!spyLinks.length)return;const sections=spyLinks.map(a=>document.getElementById(a.dataset.spy)).filter(Boolean);const byId={};spyLinks.forEach(a=>byId[a.dataset.spy]=a);function setActive(id){spyLinks.forEach(a=>a.classList.toggle('active',a.dataset.spy===id));}
const spyObserver=new IntersectionObserver((entries)=>{let best=null,bestRatio=0;entries.forEach(e=>{if(e.isIntersecting&&e.intersectionRatio>bestRatio){best=e.target.id;bestRatio=e.intersectionRatio;}});if(best)setActive(best);},{rootMargin:'-45% 0px -45% 0px',threshold:[0,.25,.5,.75,1]});sections.forEach(s=>spyObserver.observe(s));})();const menu=document.getElementById('menu');const menuBtn=document.getElementById('menuBtn');menuBtn.addEventListener('click',e=>{e.stopPropagation();const open=menu.classList.toggle('open');menuBtn.setAttribute('aria-expanded',open?'true':'false');});document.addEventListener('click',e=>{if(!menu.contains(e.target))menu.classList.remove('open');});document.querySelectorAll('a[href^="mailto:"]').forEach(a=>{a.addEventListener('click',()=>{try{window.top.location.href=a.getAttribute('href');}catch(err){window.location.href=a.getAttribute('href');}});});const io=new IntersectionObserver((entries)=>{entries.forEach(e=>{if(e.isIntersecting){e.target.classList.add('in');io.unobserve(e.target);}});},{threshold:0.15,rootMargin:'0px 0px -8% 0px'});document.querySelectorAll('.reveal').forEach(el=>io.observe(el));function fmt(v,el){const dec=+(el.dataset.dec||0);let s=dec>0?v.toFixed(dec):Math.max(1,Math.round(v)).toString();if(el.dataset.comma)s=Math.max(1,Math.round(v)).toLocaleString('en-US');return(el.dataset.prefix||'')+s+(el.dataset.suffix||'');}
function countUp(el){if(el.dataset.done)return;el.dataset.done='1';const target=+el.dataset.count,dur=1100,start=performance.now();if(window.matchMedia&&window.matchMedia('(prefers-reduced-motion: reduce)').matches){el.textContent=fmt(target,el);return;}
function tick(now){const p=Math.min((now-start)/dur,1);const eased=1-Math.pow(1-p,3);el.textContent=fmt(eased*target,el);if(p<1)requestAnimationFrame(tick);else el.textContent=fmt(target,el);}
requestAnimationFrame(tick);}
function animate(scope){scope.querySelectorAll('.num').forEach(countUp);}
function toK(n){return Math.round(n/100)/10;}
async function initHeroBadges(){const nums=[...document.querySelectorAll('header .num')];try{const r=await fetch('https://api.github.com/repos/sqlmapproject/sqlmap');if(r.ok){const d=await r.json();if(d.stargazers_count){nums[0].dataset.count=toK(d.stargazers_count);nums[0].dataset.dec='1';}
if(d.forks_count){nums[1].dataset.count=toK(d.forks_count);nums[1].dataset.dec='1';}
if(d.subscribers_count){nums[2].dataset.count=toK(d.subscribers_count);nums[2].dataset.dec='1';}}}catch(e){}
nums.forEach(countUp);}
window.addEventListener('load',initHeroBadges);const statsSec=document.getElementById('stats');const statsObserver=new IntersectionObserver((entries)=>{entries.forEach(e=>{if(e.isIntersecting){animate(e.target);statsObserver.unobserve(e.target);}});},{threshold:0.2});if(statsSec){statsObserver.observe(statsSec);window.addEventListener('load',()=>{const r=statsSec.getBoundingClientRect();if(r.top<window.innerHeight&&r.bottom>0)animate(statsSec);});}</script></body></html>