Clone this wiki locally
sqlmap is developed in Python, a dynamic, object-oriented, interpreted programming language freely available from http://python.org/download/. This makes sqlmap a cross-platform application which is independant of the operating system. sqlmap requires Python version 2.6.x or 2.7.x. To make it even easier, many GNU/Linux distributions come out of the box with Python installed. Other Unixes and Mac OSX also provide Python packaged and ready to be installed. Windows users can download and install the Python installer for x86, AMD64 and Itanium.
sqlmap relies on the Metasploit Framework for some of its post-exploitation takeover features. You can grab a copy of the framework from the download page - the required version is 3.5 or higher. For the ICMP tunneling out-of-band takeover technique, sqlmap requires the Impacket library too.
If you are willing to connect directly to a database server (switch
-d), without passing through the web application, you need to install Python bindings for the database management system that you are going to attack:
- DB2: python ibm-db
- Firebird: python-kinterbasdb
- Microsoft Access: python-pyodbc
- Microsoft SQL Server: python-pymssql
- MySQL: python pymysql
- Oracle: python cx_Oracle
- PostgreSQL: python-psycopg2
- SQLite: python-pysqlite2
- Sybase: python-pymssql
If you plan to attack a web application behind a NTLM authentication you'll need to install python-ntlm library.
Optionally, if you are running sqlmap on Windows, you may wish to install the PyReadline library in order to take advantage of the sqlmap TAB completion and history support features in the SQL shell and OS shell. Note that these functionalities are available natively via the standard Python readline library on other operating systems.