what is sqlmap and how to use it.

sqlmap is an open source penetration testing tool, that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. it comes pre-installed with kali linux. sqlmap written in powerful language python.

sqlmap developed by Bernardo Damele and Miroslav Stampar. it support all major database management systems, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix.

it support to enumerate users, password hashes, privileges, roles, databases, tables and columns.

it support many SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.


Sqlmap is popular and powerful sql injection automation tool. there is no programming knowledge need for hack a website database through it, it completes  all process automate.


in this post we will learn how to exploit sql injection vulnerability, to hack a website.

How to hack a website with sqlmap.

Find a vulnerable website:

First scan a website. if you are using windows then scan with acunetix and if you are using kali then scan with zaproxy.


Find vulnerable url:

if acunetix and zaproxy show a sql injection vulnerability, then next step to exploit it with sqlmap. sometimes these scanner result are false positive,but you can try with different scanner.

Start exploit:

open terminal type:

“sqlmap -u example.com/index.php?id=16 ”


scan with sqlmap

Find Database:

database with sqlmap


Find tables:

tables with sqlmap


it extract all tables. find admin user and password in tables to get access in website. once you get admin user and password find admin panel url and takeover website. tools to find admin panel url are here.

more uses and tutorials you can find on official kali linux website.

Leave a Reply

Your email address will not be published. Required fields are marked *