You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+33Lines changed: 33 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,6 +16,29 @@ sqlmap is an open source penetration testing tool that automates the process of
16
16
* Support to **establish an out-of-band stateful TCP connection between the attacker machine and the database server** underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
17
17
* Support for **database process' user privilege escalation** via Metasploit's Meterpreter `getsystem` command.
**SQL injection: Not only AND 1=1* (slides)[http://www.slideshare.net/inquis/sql-injection-not-only-and-11-updated] presented by Bernardo at the 2nd Digital Security Forum in Lisbon (Portugal) on June 27, 2009.
24
+
***Advanced SQL injection to operating system full control** (whitepaper)[http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-whitepaper-4633857] and (slides)[http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides] presented by Bernardo at (Black Hat Europe 2009)[https://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html] in Amsterdam (The Netherlands) on April 16, 2009.
25
+
***Expanding the control over the operating system from the database** (slides)[http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database] presented by Bernardo at (SOURCE Conference)[http://www.sourceconference.com/archive/] 2009 in Barcelona (Spain) on September 21, 2009.
26
+
***Got database access? Own the network!** (slides)[http://www.slideshare.net/inquis/ath-con-2010bernardodamelegotdbownnet] presented by Bernardo at (AthCon 2010)[http://www.athcon.org/archive.php] in Athens (Greece) on June 3, 2010.
27
+
***sqlmap - security development in python** (slides)[http://www.slideshare.net/stamparm/euro-python-2011miroslavstamparsqlmapsecuritydevelopmentinpython] presented by Miroslav at (EuroPython 2011)[http://ep2011.europython.eu/] in Firenze (Italy) on June 23, 2011.
28
+
***It all starts with the ' (SQL injection from attacker's point of view)** (slides)[http://www.slideshare.net/stamparm/f-sec-2011miroslavstamparitallstartswiththesinglequote-9311238] presented by Miroslav at (FSec - FOI Security Symposium)[http://fsec.foi.hr/] in Varazdin (Croatia) on September 23, 2011.
29
+
***DNS exfiltration using sqlmap** (slides)[http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281] and accompaining (whitepaper)[http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper] titled **Data Retrieval over DNS in SQL Injection Attacks** presented by Miroslav at (PHDays 2012)[http://www.phdays.com/] in Moscow (Russia) on May 31, 2012.
30
+
31
+
# Download
32
+
33
+
You can download the latest tarball by clicking (here)[https://github.com/sqlmapproject/sqlmap/tarball/master].
34
+
35
+
Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
This is strongly recommended before reporting any bug to the [mailing list](#mailing-list).
41
+
19
42
# Mailing list
20
43
21
44
The **[email protected]** mailing list is the preferred way to ask questions, report bugs, suggest new features and discuss with other users, [contributors](https://github.com/sqlmapproject/sqlmap/blob/master/doc/THANKS) and the [developers](#developers). To subscribe use the [online web form](https://lists.sourceforge.net/lists/listinfo/sqlmap-users).
@@ -28,6 +51,16 @@ The mailing list is archived online on [SourceForge](http://sourceforge.net/mail
28
51
29
52
You can contact the development team by writing to [email protected].
30
53
54
+
# Contribute
55
+
56
+
We are constantly seeking for people who can write some clean Python code, are up to do security research, know about web application security, database assessment and takeover, software refactoring and are motivated to join the development team.
57
+
58
+
If this sounds interesting to you, send us your (pull requests)[https://github.com/sqlmapproject/sqlmap/pulls]!
59
+
60
+
# Donate
61
+
62
+
sqlmap is the result of numerous hours of passionated work from a small team of computer security enthusiasts. If you appreciated our work and you want to see sqlmap kept being developed, please consider making a small donation to our efforts.
63
+
31
64
# License
32
65
33
66
sqlmap is released under the terms of the [General Public License v2](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html).<BR>
0 commit comments