Bernardo Damele edited this page Sep 24, 2013 · 9 revisions



sqlmap is developed in Python, a dynamic, object-oriented, interpreted programming language freely available from This makes sqlmap a cross-platform application which is independent of the operating system. sqlmap requires Python version 2.6.x or 2.7.x. To make it even easier, many GNU/Linux distributions come out of the box with Python installed. Other Unixes and Mac OSX also provide Python packaged and ready to be installed. Windows users can download and install the Python installer for x86, AMD64 and Itanium.

sqlmap relies on the Metasploit Framework for some of its post-exploitation takeover features. You can grab a copy of the framework from the download page - the required version is 3.5 or higher. For the ICMP tunneling out-of-band takeover technique, sqlmap requires the Impacket library too.

If you want to connect directly to a database server (switch -d), without passing through the web application, you need to install Python bindings for the database management system that you are going to attack:

If you plan to attack a web application behind NTLM authentication, you'll need to install the python-ntlm library.

Optionally, if you are running sqlmap on Windows, you may wish to install the PyReadline library in order to take advantage of the sqlmap TAB completion and history support features in the SQL shell and OS shell. Note that these functionalities are available natively via the standard Python readline library on other operating systems.
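
A preflight check for the Python-side requirements listed above, as an added example that is not part of sqlmap or of the original page. The module names `impacket`, `ntlm` and `pyreadline` are assumptions based on each library's usual import name; Metasploit and the database bindings are not checked.

```python
import platform
import sys

# Optional features named above -> Python module that provides them.
# Module names are assumptions based on each library's usual import name.
OPTIONAL = {
    "ICMP tunneling takeover (Impacket)": "impacket",
    "NTLM authentication (python-ntlm)": "ntlm",
}
SHELL_FEATURE = "TAB completion and history in SQL/OS shell"


def module_available(name):
    """Return True if `name` imports cleanly in this interpreter."""
    try:
        __import__(name)
        return True
    except ImportError:
        return False


def preflight(version=None, system=None, probe=module_available):
    """Return (python_ok, {feature: bool}) for the requirements on this page.

    version/system/probe default to the running interpreter and can be
    overridden to evaluate values collected from another host.
    """
    major_minor = tuple(version or sys.version_info)[:2]
    system = system or platform.system()
    python_ok = major_minor in ((2, 6), (2, 7))
    wanted = dict(OPTIONAL)
    # PyReadline is only needed on Windows; elsewhere readline is built in.
    wanted[SHELL_FEATURE] = "pyreadline" if system == "Windows" else "readline"
    return python_ok, dict((feat, probe(mod)) for feat, mod in wanted.items())


if __name__ == "__main__":
    ok, features = preflight()
    print("Python 2.6.x/2.7.x: %s" % ("ok" if ok else "unsupported version"))
    for feat in sorted(features):
        print("%-45s %s" % (feat, "available" if features[feat] else "missing"))
    sys.exit(0 if ok else 1)
```

Run it with the same interpreter that will launch sqlmap, since the result depends on that interpreter's installed modules.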