SQLMap Cheat Sheet - Commands & Examples Tutorial

submitted by
Style Pass
2024-02-12 09:30:03

SQLMap is a SQL injection automation tool that finds and exploits SQL injection vulnerabilities. It offers a range of functionality that can assist with everything from fingerprinting to fully compromising a database and, in some cases, gaining shell-level access to a server. If you do not have a current understanding of the fundamentals of how a SQL injection vulnerability occurs or is exploited, see our documentation on what is SQL injection for an overview.

I personally use SQLMap as an exploitation tool; due to the large amount of resources and traffic the tool uses, I personally find that detection is better done manually or using other detection tools such as Burp Suite scanner.

SQLMap could be used within an automation system to detect and exploit SQL injection (SQLi) vulnerabilities in web applications, or as a SQLi exploitation tool after a proof-of-concept SQLi payload has been confirmed.

Depending on the configuration, SQLMap can send a very large number of requests to a web application, which may cause DoS conditions for web servers and generate an excessive amount of log files for the target.
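The request volume described above is also what makes this kind of traffic visible in web server logs. As an added example (not from the original page), the following Python code flags any client that sends many distinct query strings to one path within a short window; the log lines, addresses, path, user agent and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    """Return (ip, time, path, query) or None for a line that does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, target, _status = m.groups()
    path, _, query = target.partition("?")
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, query

def find_bursts(lines, window=timedelta(seconds=10), min_distinct=20):
    """Return {(ip, path): peak} where peak is the largest number of distinct
    query strings one client sent to one path inside the sliding window."""
    recent = defaultdict(deque)          # (ip, path) -> deque of (time, query)
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                     # skip malformed lines
        ip, when, path, query = rec
        q = recent[(ip, path)]
        q.append((when, query))
        while when - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        distinct = len({qs for _, qs in q})
        if distinct >= min_distinct:
            peaks[(ip, path)] = max(peaks.get((ip, path), 0), distinct)
    return peaks

def sample_log():
    """Constructed sample: one noisy source and one ordinary visitor."""
    base = datetime(2024, 2, 12, 9, 30, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {target} HTTP/1.1" 200 512 "-" "example-agent"'
    rows = [(base + timedelta(milliseconds=100 * i), "203.0.113.7",
             f"/item.php?id=variant{i}") for i in range(40)]
    rows += [(base + timedelta(seconds=45 * i), "198.51.100.20",
              f"/item.php?id={i + 1}") for i in range(5)]
    rows.sort()
    return [fmt.format(ip=ip, ts=t.strftime("%d/%b/%Y:%H:%M:%S %z"), target=target)
            for t, ip, target in rows]

if __name__ == "__main__":
    for (ip, path), peak in find_bursts(sample_log()).items():
        print(f"{ip} sent {peak} distinct query strings to {path} within 10s")
```

The window and threshold need tuning against normal traffic for the application being monitored.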
