Weitere ähnliche Inhalte Ähnlich wie sqlmap - why (not how) it works? (16) Mehr von Miroslav Stampar (7) Kürzlich hochgeladen (20) sqlmap - why (not how) it works?1. sqlmap – why (not how)
it works?
Miroslav Stampar
(miroslav@sqlmap.org)
sqlmap – why (not how)
it works?
Miroslav Stampar
(miroslav@sqlmap.org)
2. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 2
Formal introduction
sqlmap is an open source penetration testing
tool that automates the process of
detecting and exploiting SQL injection
flaws and taking over of database
servers. It comes with a powerful detection
engine, many niche features for the ultimate
penetration tester and a broad range of
switches lasting from database fingerprinting,
over data fetching from the database, to
accessing the underlying file system and
executing commands on the operating system
via out-of-band connections.
3. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 3
Birthday
4. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 4
Short history
Daniele Belluci (@belch) – July 1st
2006,
birthday of @sqlmap
Bernardo Damele A. G. (@inquisb) – late 2006,
joins the @sqlmap
Daniele Belluci (@belch) – late 2006, leaves the
@sqlmap
Miroslav Stampar (@stamparm) – late 2009,
joins the @sqlmap
...and they lived happily ever after :)
5. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 5
sqlmap.py (1)
Version Release date Switches / options Code files LOC Total size
0.(0.)1 2006-06-01 16 3 339 64KB
0.2 2006-12-13 20 7 1117 116KB
0.3 2007-01-20 24 8 1731 160KB
0.4 2007-06-15 34 18 3819 468KB
0.5 2007-11-04 37 23 5711 680KB
0.6 2008-09-01 47 55 11920 1.2MB
0.7 2009-07-25 75 85 19387 5.1MB
0.8 2010-03-14 94 96 22840 5.7MB
0.9 2011-04-10 115 212 38787 9.5MB
1.0(-dev-f89ce21) 177 375 60995 12MB
6. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 6
sqlmap.py (2)
7. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 7
sqlmap.py (3)
8. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 8
sqlmap.org (1)
9. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 9
sqlmap.org (2)
10. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 10
sqlmap.org (3)
11. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 11
sqlmap.org (4)
12. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 12
SourceForge (obsolete)
13. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 13
Mailing list (deprecated)
14. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 14
GitHub (1)
15. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 15
GitHub (2)
cuckoobox/cuckoo
beefproject/beef
andresriancho/w3af
sqlmapproject/sqlmap
rapid7/metasploit-framework
bro/bro
sleuthkit/sleuthkit
wireshark/wireshark
aircrack-ng/aircrack-ng
...
16. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 16
GitHub (3)
17. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 17
GitHub (4)
18. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 18
GitHub (5)
19. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 19
GitHub (6)
20. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 20
GitHub (7)
21. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 21
sqlmapreporter (1)
22. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 22
sqlmapreporter (2)
23. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 23
sqlmapreporter (3)
24. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 24
sqlmapreporter (4)
25. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 25
testenv (1)
26. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 26
testenv (2)
27. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 27
testenv (3)
28. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 28
Benchmark (sectoolmarket.com)
29. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 29
Twitter (1)
30. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 30
Twitter (2)
31. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 31
Twitter (3)
32. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 32
Twitter (4)
33. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 33
Twitter (5)
34. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 34
Donations (PayPal)
35. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 35
???
36. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 36
Donations (Ƀitcoin)
37. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 37
Dual license (1)
38. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 38
Dual license (2)
39. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 39
sqlmappro (1)
40. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 40
sqlmappro (2)
41. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 41
BOFH (1)
42. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 42
BOFH (2)
43. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 43
BOFH (3)
44. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 44
BOFH (4)
45. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 45
Answer to the title's question
Because of the long-lasting enthusiasm of a
couple of guys having a large, (very)
demanding and quite responsive user-base
(and couple of angry trolls)
...
...and they lived happily ever after :)
46. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 46
Questions?