sqlmap - why (not how) it works?
1. sqlmap – why (not how) it works?
Miroslav Stampar (miroslav@sqlmap.org)
2. Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015
Formal introduction
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
4. Short history
Daniele Bellucci (@belch) – July 1st, 2006, birthday of @sqlmap
Bernardo Damele A. G. (@inquisb) – late 2006, joins @sqlmap
Daniele Bellucci (@belch) – late 2006, leaves @sqlmap
Miroslav Stampar (@stamparm) – late 2009, joins @sqlmap
...and they lived happily ever after :)
45. Answer to the title's question
Because of the long-lasting enthusiasm of a couple of guys having a large, (very) demanding and quite responsive user-base (and a couple of angry trolls)
...
...and they lived happily ever after :)