These are the slides from a talk "sqlmap - why (not how) it works?" held at Navaja Negra & ConectaCon 2015 (Albacete / Spain)

1. sqlmap – why (not how)
it works?
Miroslav Stampar
(miroslav@sqlmap.org)
sqlmap – why (not how)
it works?
Miroslav Stampar
(miroslav@sqlmap.org)

2. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 2
Formal introduction
sqlmap is an open source penetration testing
tool that automates the process of
detecting and exploiting SQL injection
flaws and taking over of database
servers. It comes with a powerful detection
engine, many niche features for the ultimate
penetration tester and a broad range of
switches lasting from database fingerprinting,
over data fetching from the database, to
accessing the underlying file system and
executing commands on the operating system
via out-of-band connections.

3. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 3
Birthday

4. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 4
Short history
Daniele Belluci (@belch) – July 1st
2006,
birthday of @sqlmap
Bernardo Damele A. G. (@inquisb) – late 2006,
joins the @sqlmap
Daniele Belluci (@belch) – late 2006, leaves the
@sqlmap
Miroslav Stampar (@stamparm) – late 2009,
joins the @sqlmap
...and they lived happily ever after :)

5. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 5
sqlmap.py (1)
Version Release date Switches / options Code files LOC Total size
0.(0.)1 2006-06-01 16 3 339 64KB
0.2 2006-12-13 20 7 1117 116KB
0.3 2007-01-20 24 8 1731 160KB
0.4 2007-06-15 34 18 3819 468KB
0.5 2007-11-04 37 23 5711 680KB
0.6 2008-09-01 47 55 11920 1.2MB
0.7 2009-07-25 75 85 19387 5.1MB
0.8 2010-03-14 94 96 22840 5.7MB
0.9 2011-04-10 115 212 38787 9.5MB
1.0(-dev-f89ce21) 177 375 60995 12MB

6. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 6
sqlmap.py (2)

7. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 7
sqlmap.py (3)

8. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 8
sqlmap.org (1)

9. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 9
sqlmap.org (2)

10. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 10
sqlmap.org (3)

11. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 11
sqlmap.org (4)

12. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 12
SourceForge (obsolete)

13. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 13
Mailing list (deprecated)

14. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 14
GitHub (1)

15. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 15
GitHub (2)
cuckoobox/cuckoo
beefproject/beef
andresriancho/w3af
sqlmapproject/sqlmap
rapid7/metasploit-framework
bro/bro
sleuthkit/sleuthkit
wireshark/wireshark
aircrack-ng/aircrack-ng
...

16. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 16
GitHub (3)

17. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 17
GitHub (4)

18. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 18
GitHub (5)

19. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 19
GitHub (6)

20. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 20
GitHub (7)

21. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 21
sqlmapreporter (1)

22. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 22
sqlmapreporter (2)

23. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 23
sqlmapreporter (3)

24. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 24
sqlmapreporter (4)

25. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 25
testenv (1)

26. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 26
testenv (2)

27. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 27
testenv (3)

28. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 28
Benchmark (sectoolmarket.com)

29. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 29
Twitter (1)

30. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 30
Twitter (2)

31. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 31
Twitter (3)

32. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 32
Twitter (4)

33. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 33
Twitter (5)

34. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 34
Donations (PayPal)

35. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 35
???

36. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 36
Donations (Ƀitcoin)

37. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 37
Dual license (1)

38. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 38
Dual license (2)

39. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 39
sqlmappro (1)

40. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 40
sqlmappro (2)

41. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 41
BOFH (1)

42. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 42
BOFH (2)

43. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 43
BOFH (3)

44. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 44
BOFH (4)

45. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 45
Answer to the title's question
Because of the long-lasting enthusiasm of a
couple of guys having a large, (very)
demanding and quite responsive user-base
(and couple of angry trolls)
...
...and they lived happily ever after :)

46. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 46
Questions?