This project demonstrates ethical SQL Injection testing using SQLmap, one of the most powerful open-source penetration testing tools. It is designed to simulate real-world injection attacks in a safe and controlled environment using DVWA (Damn Vulnerable Web Application) and to help students, developers, and security enthusiasts learn about common database vulnerabilities.
- ✅ Automated detection of SQL Injection vulnerabilities
- ✅ Real-time exploitation via command-line or scripts
- ✅ Target: DVWA hosted on localhost using XAMPP or Docker
- ✅ Parameterized testing with GET, POST, Cookie, and Header injections
- ✅ Custom SQLmap automation with Python
- ✅ Educational and beginner-friendly setup
- SQLmap (for SQLi testing)
- DVWA (vulnerable testbed)
- XAMPP / Docker (for local web server and MySQL)
- Python (optional automation and reporting)
- Browser DevTools / Postman (for capturing requests)
/sqlmap-sqli-project/ ├── dvwa-setup/ # DVWA setup files and configuration ├── sqlmap-commands/ # Sample SQLmap usage scripts and logs ├── screenshots/ # Screenshots of attacks and results ├── automation/ # Optional: Python automation for SQLmap ├── README.md # Project documentation └── merged_results.xlsx # Merged and deduplicated SQLmap outputs (if any)
- Clone this repo:
git clone https://github.com/your-username/sqlmap-sqli-project.git cd sqlmap-sqli-project - Install & configure XAMPP/Docker, then setup DVWA.
- Launch SQLmap from CLI or use scripts from
/sqlmap-commands/. - Analyze logs or outputs for insights.
This project is for educational and ethical testing purposes only. Do not use SQLmap or any part of this project on systems without explicit authorization.