Sqlmap is the most popular tool for automated exploitation of SQL injection vulnerabilities and database takeover. It is written in Python and is cross-platform.
If you are using Backtrack, sqlmap comes prepackaged with it. In this post I am going to show you the simple process to set up and run sqlmap on Windows.
1. Download and install Python
Since sqlmap is written in Python, the first thing you need is the Python interpreter. Download the Python interpreter from https://www.python.org/.
Windows installers can be found here:
https://www.python.org/downloads/windows/
There are two series of Python, 2.7.x and 3.3.x. Sqlmap should run fine with either.
So download and install it.
2. Download and install Sqlmap
Next download the sqlmap zip file from sqlmap.org.
Extract the zip file into any directory.
Launch the DOS prompt and navigate to the sqlmap directory. Now run the sqlmap.py script with the Python interpreter.
C:\sqlmapproject-sqlmap-2defc30>python ./sqlmap.py
Usage: ./sqlmap.py [options]
sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), use -h for basic or -hh for advanced help
Press Enter to continue...
That was easy! Sqlmap is asking for some parameters so that it can hack something.
Conclusion
Now that you have finished installing sqlmap and are ready to run it, you might want to read some tutorial on how to use sqlmap. Check out the following post:
https://www.binarytides.com/sqlmap-hacking-tutorial/
The source code of Sqlmap is hosted on GitHub. Check it out here:
https://github.com/sqlmapproject/sqlmap
c:\>\sqlmapproject-sqlmap-2defc30>python ./sqlmap.py
Access is denied.
c:\>Usage: ./sqlmap.py [options]
‘Usage:’ is not recognized as an internal or external command,
operable program or batch file.
c:\>
Oh god, you must be in the folder where you installed it.. xd
I know it's pretty late to answer this, but first navigate to the directory where you installed sqlmap
I have installed Python. I have extracted the file. I've opened the sqlmap Python file, but then it says press enter to continue, which I do, and the tab just closes. I've tried many times, the same thing keeps happening. I'm confused
You have to put sqlmap -u then the website, for example sqlmap -u http://www.usbank.com.php?id=4234 --dms --random-agent, then Enter, otherwise it closes the cmd. Don't get why it does this on Windows, because Linux keeps the terminal live until you close it! If you need info on setting your configurations just enter sqlmap --help for a full list of options!
Hi,
I am getting an issue in sqlmap. When I am downloading the file for sqlmap it is not showing the last two files, i.e. (sqlmap, sqlmapapi) with .exe extension. When I run the whole process in cmd it is not showing anything, only taking the cursor to the next line. Please help me out.
Hi Nishant,
Install Python first in any directory and download and install sqlmap in the Python directory, then open the desktop, create a shortcut for cmd and edit this path in properties (sqlmap location), then apply and OK. Then open this sqlmap cmd shortcut, yay!! It's open…………………….. Then type ./sqlmap.py or sqlmap.py, it's confirmed open.
You dumbass… you say sqlmap should work with either version of Python. I downloaded Python 3.6 and guess what? I got a CRITICAL ERROR,….INCOMPATIBLE VERSION OF PYTHON…DOWNLOAD 2.7 VERSION!
So you don’t know WHAT THE FUCK YOU ARE TALKING ABOUT…..
The instructions say 3.3 is ok where in fact it’s NOT!
Error: For successfully running sqlmap you’ll have to use version 2.6 or 2.7 (visit ‘http://www.python.org/download/’)
YOU MISUNDERSTAND EVERYTHING. BOTH ARE WORKING FINE. BUT 2.6 OR 2.7 FOR 64 BIT. WHY D OTHER ONE IS FOR 32BIT
I want to learn python and guide you can help me out.
Thank you.
It is still the case of installing Python 2.6 or 2.7:
[CRITICAL] incompatible Python version detected (‘3.4.2’). For successfully running sqlmap you’ll have to use version 2.6 or 2.7 (visit ‘http://www.python.org/download/’)
If you get the error “python is not recognized as internal or external command”: add the path to python.exe to the Windows environment variables Path
I have installed Python 2.7.8. I got the error: python is not recognized as internal or external command
Try to use the command “py”
That’s because you MUST use python 2.7…
Thank you so much! Haha
I run sqlmap.py but it shows an error message:
File “sqlmap.py”, line 104
except SqlmapBaseException, ex:
^
SyntaxError: invalid syntax
What’s the problem ?
Please reply
“except SqlmapBaseException, ex:”
If the syntax is wrong, then you used the wrong interpreter. Probably (SURE) you tried with Python 3.
Using tools REQUIRES reading at least how to use them. Doing those things without reading the docs could end in “shooting yourself in the foot”.
Simple Google search: This makes sqlmap a cross-platform application which is independent of the operating system. sqlmap requires Python version 2.6.x or 2.7.x. To make it even…etc
Particularly this is related to the except clause, which in Python 3 should be:
except SqlmapBaseException as ex:
From: http://www.python-course.eu/python3_exception_handling.php
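The Python 2 `except X, name:` form discussed in the comment above can be located without executing the file, by scanning its tokens. This is an added example, not code from the post, the commenters or sqlmap; the function name `find_py2_except_clauses` and the sample source are constructed for illustration.

```python
import io
import tokenize

# Constructed sample: the clause from the traceback quoted above, plus two
# clauses that are already valid Python 3 and must not be flagged.
SAMPLE = '''\
try:
    main()
except SqlmapBaseException, ex:
    print(ex)
except (IOError, OSError) as ex:
    print(ex)
except KeyboardInterrupt:
    pass
'''

def find_py2_except_clauses(source):
    """Return [(line_no, python3_rewrite)] for every `except X, name:` clause."""
    toks = list(tokenize.generate_tokens(io.StringIO(source).readline))
    findings = []
    for i, tok in enumerate(toks):
        if tok.type != tokenize.NAME or tok.string != "except":
            continue
        depth, comma, clause = 0, None, []
        # Collect the clause up to its closing colon, tracking bracket depth
        # so commas inside (A, B) tuples are not mistaken for the separator.
        for nxt in toks[i + 1:]:
            if nxt.string in ("(", "[", "{"):
                depth += 1
            elif nxt.string in (")", "]", "}"):
                depth -= 1
            elif (depth == 0 and nxt.string == ":") or nxt.type == tokenize.NEWLINE:
                break
            elif depth == 0 and nxt.string == "," and comma is None:
                comma = len(clause)
            clause.append(nxt)
        # Python 2 form: exactly one bare name after a top-level comma.
        if comma is None or len(clause) != comma + 2:
            continue
        target = clause[comma + 1]
        if target.type != tokenize.NAME:
            continue
        # Slice the exception expression out of the original source line.
        exc_type = tok.line[clause[0].start[1]:clause[comma].start[1]].rstrip()
        findings.append((tok.start[0], "except %s as %s:" % (exc_type, target.string)))
    return findings
```

A non-empty result means the script was written for Python 2 and will stop with the `SyntaxError` shown above when started with a Python 3 interpreter.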
When running Python scripts via cmd you must gain super user privileges (root), then navigate to the directory of Python; for example, on Linux distros you would use this:
root@kali$> “cd home/this-will/be path to you/sqlmap-directory/’
So assuming it is sort of the same process,
1. GAIN ROOT ALWAYS
2. MAKE SURE YOU KNOW THE PATH TO THE SQLMAP DIR (ALSO EXTRACT IT IF IT'S ZIP/RAR/7Zip)
3. NAVIGATE TO THE ABOVE LOCATION USING >cd home/root/downloads/sqlmap-win10exam
4. If it put you in the sqlmap directory or you notice a change in cd (current directory) on cmd… go ahead and use this, it should work, all things above ^ python sqlmap.py --wizard