In this installment of the Professionally Evil Toolkit series we will be talking about sqlmap. Sqlmap is an open source penetration testing tool written in Python. It automates the process of detecting and exploiting SQL injection flaws and taking over database servers. As you might know, SQL injection is ranked number one on the OWASP Top Ten of web application security vulnerabilities. Since sqlmap has a rich feature set full of options, we will only be covering an introduction to the tool here.
First you should have sqlmap downloaded and installed on the machine you use for testing. If you don't want to install it, Samurai WTF and Kali Linux come with it preloaded.
To launch sqlmap in Samurai we just open up a shell, browse to the /usr/bin/samurai/sqlmap directory, and type in python sqlmap.py. However, sqlmap requires parameters to run. We can pass the -h (or --help) option to get help on the tool. Below is a screenshot of
We are going to cover the basic functionality of the tool next. This can be broken up into several parameter categories:
The target parameter is required, as it specifies which URL sqlmap should test against. An example of this would be:
The next parameter category is the request parameters. Below are some useful request parameters with descriptions:
- --data – Puts a data string in the request body, making it a POST request
- --cookie – Sets a cookie for the request
- --random-agent – Randomizes the User-Agent header value
- --force-ssl – Very useful on sites that are SSL based
- --proxy – Great for troubleshooting. Instructs sqlmap to send its traffic through a proxy (Burp works great)
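From the defender's side, the --random-agent option above is the reason a User-Agent match alone is a weak sqlmap detection: once the default agent string is hidden, the injection probes in the query string are what remain visible. The following added example (not part of the original post) runs both checks over a few constructed access-log lines in combined log format; the log lines, IP addresses and User-Agent strings are made up for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not from a real server).
# Line 2 carries sqlmap's default User-Agent; line 3 shows a probe once
# --random-agent has replaced that header with a browser-looking one.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /cart.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
203.0.113.11 - - [10/Oct/2023:13:55:37 +0000] "GET /cart.php?id=1%20AND%201234%3D1234 HTTP/1.1" 200 512 "-" "sqlmap/1.7.9#stable (https://sqlmap.org)"
203.0.113.11 - - [10/Oct/2023:13:55:38 +0000] "GET /cart.php?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 500 98 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/117.0"
203.0.113.12 - - [10/Oct/2023:13:55:39 +0000] "GET /cart.php?id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh) Safari/605.1"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Injection shapes sqlmap commonly sends, matched against the URL-decoded query string.
PAYLOAD_RE = {
    "boolean-based probe": re.compile(r"\b(AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "UNION-based probe": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
    "time-based probe": re.compile(r"\b(SLEEP\s*\(|WAITFOR\s+DELAY|pg_sleep\s*\()", re.I),
}

def classify(line):
    """Return a finding dict for one log line, or None if nothing stands out."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if m["ua"].lower().startswith("sqlmap"):
        reasons.append("default sqlmap User-Agent")
    query = unquote(m["path"].partition("?")[2])  # decode %27, %20, %3D, ...
    for label, rx in PAYLOAD_RE.items():
        if rx.search(query):
            reasons.append(label)
    if not reasons:
        return None
    return {"ip": m["ip"], "path": m["path"], "status": m["status"], "reasons": reasons}

def scan(log_text):
    """Run classify() over every line and return the list of findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["status"], f["path"], "->", ", ".join(f["reasons"]))
```

The third line is flagged only by its payload shape, which is the case a User-Agent rule would miss.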
To learn more about sqlmap you can use the help page or find more information online. If you're looking for something to test against in a sandboxed environment, you could try Mutillidae.
Professionally Evil Toolkit (PET) is a blog series about tools that security professionals use in the industry. These tools can be used for many things, including penetration testing, auditing, and testing. The tools mentioned in PET can be very dangerous when run on production systems. Secure Ideas recommends that you get authorization from the appropriate system owners and test against staging environments prior to running these tools.
Jeff Bleich is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services, you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for the services provided.