Install sqlmap on Ubuntu 14.04

  • by
  • 3 Years ago
  • 9

SQLMAP is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

sqlmap1-01

SQLMAP Features

  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems
  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name
  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack
  • Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server
  • and many more

[button link=”https://www.youtube.com/user/inquisb/videos” color=”primary”]SQLMAP Demo Videos[/button]

Install SQLMAP on Ubuntu 14.04 & Ubuntu 14.10

wget 'https://github.com/sqlmapproject/sqlmap/tarball/master' --output-document=sqlmapproject-sqlmap-0.9-3671-gdcaad75.tar.gz
tar -xvf sqlmapproject-sqlmap-0.9-3671-gdcaad75.tar.gz
cd sqlmapproject-sqlmap-gdcaad75/
python sqlmap.py --version
  • facebook
  • googleplus
  • twitter
  • linkedin
  • linkedin
  • Thomas

    For me, it worked fine untile the “cd sqlmapproject-sqlmap-dcaad75/” line. Is there a mistake here?

    • What mistake?

      • Saisriram Karthikeya

        at the end of :cd sqlmapproject-sqlmap-gdcaad75 change gdcaad75 to the specific version you have downloaded and extracted using the command :wget ‘https://github.com/sqlmapproject/sqlmap/tarball/master’ –output-document=sqlmapproject-sqlmap-0.9-3671-gdcaad75.tar.gz

        • Thanks, corrected now. Must have been a typo error from my side 😀

    • Willian Rangel

      Yes, the correct line is:
      cd sqlmapproject-sqlmap-gdcaad75/

  • Thank you. Your tutorial was very helpful.

  • Just write “ls” on Terminal, and check the name of sqlmap version.