Habilidades sqlmap-database-pentesting

📦

sqlmap-database-pentesting

Name: sqlmap-database-pentesting
Author: sickn33

Riesgo bajo ⚙️ Comandos externos🌐 Acceso a red

Automate SQL Injection Testing

This skill provides comprehensive sqlmap commands and methodologies for detecting and exploiting SQL injection vulnerabilities in web applications during authorized penetration tests.

Soporta: Claude Codex Code(CC)

📊 71 Adecuado

Descargar el ZIP de la skill

Subir en Claude

Ve a Configuración → Capacidades → Skills → Subir skill

Activa y empieza a usar

Pruébalo

Usando "sqlmap-database-pentesting". Run sqlmap basic scan on http://testphp.vulnweb.com/artists.php?artist=1

Resultado esperado:

sqlmap identified the following injection point:

Parameter: artist (GET)
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE clause
Payload: artist=1 AND 5737=5737

Database: acuart
Available databases [4]:
* information_schema
* acuart
* mysql
* test

Usando "sqlmap-database-pentesting". Extract user credentials from the users table

Resultado esperado:

Usando "sqlmap-database-pentesting". What are the legal requirements for using sqlmap?

Resultado esperado:

Legal Requirements for sqlmap Usage:

1. Written Authorization: Only test systems where you have explicit written permission from the system owner
2. Scope Limitations: Respect the scope defined in your engagement rules
3. Documentation: Document all testing activities and findings
4. Responsible Disclosure: Report vulnerabilities to the system owner
5. Legal Warning: Google dork attacks against unknown sites are illegal

Auditoría de seguridad

Riesgo bajo

v1 • 2/25/2026

This skill provides documentation for sqlmap, a legitimate open-source penetration testing tool. The detected patterns (external_commands, network URLs) are all documentation examples showing command syntax. Contains appropriate legal warnings about authorization requirements. All static findings are false positives - no actual command execution or unauthorized network activity.

Archivos escaneados

406

Líneas analizadas

hallazgos

Auditorías totales

Problemas de riesgo medio (1)

SKILL.md:19-400

External Command Examples in Documentation

The skill contains 93 examples of sqlmap command syntax using backtick formatting. These are documentation examples, not actual command execution. sqlmap is a legitimate OWASP-recognized penetration testing tool.

Problemas de riesgo bajo (1)

SKILL.md:41-300

Example URLs in Documentation

The skill contains example URLs like http://target.com and test URLs. These are standard documentation placeholders, not actual network targets.

Factores de riesgo

⚙️ Comandos externos (1)

SKILL.md:19

🌐 Acceso a red (1)

SKILL.md:41

Auditado por: claude

Puntuación de calidad

Arquitectura

100

Mantenibilidad

Contenido

Comunidad

Seguridad

Cumplimiento de la especificación

Lo que puedes crear

Web Application Security Testing

Security professionals use this skill to systematically test web applications for SQL injection vulnerabilities during authorized penetration tests.

Database Vulnerability Assessment

Developers and security teams use sqlmap to identify and verify SQL injection vulnerabilities in their applications before attackers can exploit them.

Security Education and Training

Security trainers use sqlmap in controlled environments to teach developers about SQL injection risks and secure coding practices.

Prueba estos prompts

Basic SQL Injection Scan

Run sqlmap to check if http://example.com/page.php?id=1 is vulnerable to SQL injection. Use batch mode for non-interactive output.

Database Enumeration

Use sqlmap to enumerate all databases on the target http://example.com/login.php. I have written authorization to test this system.

Extract User Credentials

Use sqlmap to extract the users table from the webapp database. Dump username and password columns.

Bypass WAF Protection

The target is behind a WAF. Show me how to use sqlmap with tamper scripts to bypass the protection.

Mejores prácticas

Always obtain written authorization before testing any system
Start with low risk options and escalate only if necessary
Use --batch mode for automated non-interactive scanning
Document all findings and maintain audit trails of testing activities

Evitar

Testing systems without explicit authorization
Using --risk=3 or --level=5 on production systems without understanding impact
Running sqlmap against Google dorks to find random targets
Ignoring legal requirements and scope limitations in engagement rules

Preguntas frecuentes

What is sqlmap?

sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws. It is recognized by OWASP as a standard security testing tool.

Is using sqlmap legal?

sqlmap is legal when used on systems you own or have explicit written authorization to test. Using it on systems without permission is illegal.

What databases does sqlmap support?

sqlmap supports MySQL, PostgreSQL, Microsoft SQL Server, Oracle, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB, and Informix.

What is the difference between --dump and --dump-all?

--dump extracts data from a specific table you specify, while --dump-all extracts data from all tables in the target database.

How can I bypass a WAF when using sqlmap?

Use the --tamper option with scripts like space2comment, between, or randomcase. You can also use --delay to add pauses between requests.

What does --os-shell do?

--os-shell attempts to obtain an interactive operating system shell on the target server, if the database user has DBA privileges and the underlying database configuration allows it.

Detalles del desarrollador

Autor

sickn33

Licencia

MIT

Repositorio

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/sqlmap-database-pentesting

Ref.

main

Estructura de archivos

📄 SKILL.md