1.
sqlmap – why (not how)
it works?
Miroslav Stampar
(miroslav@sqlmap.org)
sqlmap – why (not how)
it works?
Miroslav Stampar
(miroslav@sqlmap.org)

2.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 2
Formal introduction
sqlmap is an open source penetration testing
tool that automates the process of
detecting and exploiting SQL injection
flaws and taking over of database
servers. It comes with a powerful detection
engine, many niche features for the ultimate
penetration tester and a broad range of
switches lasting from database fingerprinting,
over data fetching from the database, to
accessing the underlying file system and
executing commands on the operating system
via out-of-band connections.

3.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 3
Birthday

4.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 4
Short history
Daniele Belluci (@belch) – July 1st
2006,
birthday of @sqlmap
Bernardo Damele A. G. (@inquisb) – late 2006,
joins the @sqlmap
Daniele Belluci (@belch) – late 2006, leaves the
@sqlmap
Miroslav Stampar (@stamparm) – late 2009,
joins the @sqlmap
...and they lived happily ever after :)

5.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 5
sqlmap.py (1)
Version Release date Switches / options Code files LOC Total size
0.(0.)1 2006-06-01 16 3 339 64KB
0.2 2006-12-13 20 7 1117 116KB
0.3 2007-01-20 24 8 1731 160KB
0.4 2007-06-15 34 18 3819 468KB
0.5 2007-11-04 37 23 5711 680KB
0.6 2008-09-01 47 55 11920 1.2MB
0.7 2009-07-25 75 85 19387 5.1MB
0.8 2010-03-14 94 96 22840 5.7MB
0.9 2011-04-10 115 212 38787 9.5MB
1.0(-dev-f89ce21) 177 375 60995 12MB

6.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 6
sqlmap.py (2)

7.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 7
sqlmap.py (3)

8.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 8
sqlmap.org (1)

9.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 9
sqlmap.org (2)

10.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 10
sqlmap.org (3)

11.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 11
sqlmap.org (4)

12.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 12
SourceForge (obsolete)

13.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 13
Mailing list (deprecated)

14.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 14
GitHub (1)

15.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 15
GitHub (2)
cuckoobox/cuckoo
beefproject/beef
andresriancho/w3af
sqlmapproject/sqlmap
rapid7/metasploit-framework
bro/bro
sleuthkit/sleuthkit
wireshark/wireshark
aircrack-ng/aircrack-ng
...

16.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 16
GitHub (3)

17.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 17
GitHub (4)

18.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 18
GitHub (5)

19.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 19
GitHub (6)

20.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 20
GitHub (7)

21.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 21
sqlmapreporter (1)

22.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 22
sqlmapreporter (2)

23.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 23
sqlmapreporter (3)

24.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 24
sqlmapreporter (4)

25.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 25
testenv (1)

26.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 26
testenv (2)

27.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 27
testenv (3)

28.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 28
Benchmark (sectoolmarket.com)

29.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 29
Twitter (1)

30.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 30
Twitter (2)

31.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 31
Twitter (3)

32.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 32
Twitter (4)

33.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 33
Twitter (5)

34.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 34
Donations (PayPal)

35.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 35
???

36.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 36
Donations (Ƀitcoin)

37.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 37
Dual license (1)

38.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 38
Dual license (2)

39.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 39
sqlmappro (1)

40.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 40
sqlmappro (2)

41.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 41
BOFH (1)

42.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 42
BOFH (2)

43.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 43
BOFH (3)

44.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 44
BOFH (4)

45.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 45
Answer to the title's question
Because of the long-lasting enthusiasm of a
couple of guys having a large, (very)
demanding and quite responsive user-base
(and couple of angry trolls)
...
...and they lived happily ever after :)

46.
Navaja Negra & ConectaCon, Albacete (Spain) October 02nd, 2015 46
Questions?