Automatic tools play an important role in the field of penetration testing, either the test will going to conduct for network or for web application.
Web application penetration testing is very important for the high profile companies and for those services like E-commerce to secure the data of the user.
Most common and most valuable attack in the field of web is SQL-injection attack, SQL-Injection is a attack in which an attacker inject their code that exploit the security vulnerability in the database layer. In this attack an attacker try to get more and more requires data.
There are different commercial tools available in market to perform automatic injection to measure the security of a web application server, in this article we will talk about SQLMap.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.
it provide a lot of option to choose from, once it detects sql injection flaws in a web application it give you the multiple option to perform advance penetration. You can fingerprint and enumerate the application.
- It support MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
- Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries support.
- It support anonymous proxy.
- It support http header cookies.
- Basic web server software and web application technology fingerprint.
- And more....
It available for both windows and linux plate form.