SQLMap
Open Source
Open-source automatic SQL injection detection and exploitation tool.
| Category | Bug Bounty & Offensive Security |
|---|---|
| Pricing | Free/OSS |
| Rating | ★★★★ 4.5 / 5 |
| License | Open Source |
Detailed Review
SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities. It supports all major database management systems, including MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and SQLite. Features include automatic detection of injection types (boolean-based, time-based, error-based, UNION query, stacked queries), database fingerprinting, data extraction, file system access, and OS command execution through out-of-band connections. SQLMap can bypass WAFs using tamper scripts and supports HTTP authentication, proxies, and cookies. It is the go-to tool for SQL injection testing, and it is completely free and open-source.