sqlmap 0.9

We wrote about sqlmap version 0.8 Final being released. Now after an year, we have an update – sqlmap version 0.9.

“sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.“

This is the change log:

• Rewritten SQL injection detection engine (Bernardo and Miroslav).
• Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
• Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
• Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
• Implemented support for Firebird (Bernardo and Miroslav).
• Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
• Extended old ‘–dump -C‘ functionality to be able to search for specific database(s), table(s) and column(s), –search switch (Bernardo).
• Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
• Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
• Added support to enumerate roles on Oracle, –roles switch (Bernardo).
• Added support for SOAP based web services requests (Bernardo).
• Added support to fetch unicode data (Bernardo and Miroslav).
• Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
• Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
• Support to test and inject against HTTP Referer header (Miroslav).
• Implemented HTTP(s) proxy authentication support, –proxy-cred switch (Miroslav).
• Implemented feature to speedup the enumeration of table names (Miroslav).
• Support for customizable HTTP(s) redirections (Bernardo).
• Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, –replicate switch (Miroslav).
• Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
• Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns. Useful for instance when system table ‘information_schema‘ is not available on MySQL (Miroslav).
• Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav).
• Added safe URL feature, –safe-url and –safe-freq (Miroslav).
• Added –text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav).
• Implemented few other features and switches (Bernardo and Miroslav).
• Over 100 bugs fixed (Bernardo and Miroslav).
• Major code refactoring (Bernardo and Miroslav).
• User’s manual updated (Bernardo).

Download sqlmap 0.9 (sqlmap-0.9.tar.gz/sqlmap-0.9.zip) here.