What is SQLMAP?

Sqlmap is a script written in pyton that will save you so much time when it comes to sql injection
attacks

Since sqlmap is written in python it is a very portable application meaning that it will work on
any operating system that supports Python. Which means that it will work in laymen terms on
Windows and Linux and Unix based operating systems. Some of the features available are:

1) takeover options
2) brute forcing -> for tables/columns
3) database fingerprinting
4) Google dork search options
4) command execution
5) operating system shell option
6) Proxy options
7) Enumeration options
8) password cracking options
9) and so much more...

Running SQLMAP -Basic

As we have more than 100+ options we will not list all the options but discuss the Important one

proxy option (--proxy)

sqlmap is able to connect to its target web server through a proxy, which is great when
you are trying to hide your real ip address. Sqlmap even comes with the (--tor) option
so that if you have tor running on your operating system you can just use the --tor option and it
will find either polipo/privoxy and connect to your target through your proxy.

# python sqlmap.py --proxy="http://127.0.0.1:8118"

Okay now if you are not familiar with python scripts you need to add the word "python" infront of the
script, (just like perl) or you can just use the ./ to run the script

# ./sqlmap.py --proxy="http://127.0.0.1:8118"

Here please notice that 127.0.0.1 = localhost which is where we are running Polipo and "8118" is the
port that polipo is running on.