SQLmap

By SQLmap

4.3 out of 5 stars

It's been two months since this profile received a new review

SQLmap Reviews & Product Details

Value at a Glance

Averages based on real user reviews.

Perceived Cost

$$$$$

SQLmap Reviews (38)


4.3
38 reviews

G2 reviews are authentic and verified.
SHASHIDHAR KUDARI
Small-Business (50 or fewer emp.)
"Helps developers"
What do you like best about SQLmap?

Many of the developers don't do penetration testing while developing the API, and this tool can help all of them, including me. Review collected by and hosted on G2.com.

What do you dislike about SQLmap?

I think they are providing it only for SQL DBs, but it might be helpful if they do it for NoSQL DBs also.

Atul T.
security evangelist
Small-Business (50 or fewer emp.)
"A single masterpiece for hunting and automating sql injection"
What do you like best about SQLmap?

Its automation in finding and dumping database.

What do you dislike about SQLmap?

Sometimes we need to give more details about the DB.

Priyanshu K.
Software Engineer
Small-Business (50 or fewer emp.)
"A must-have tool for Pentesters"
What do you like best about SQLmap?

SQLmap automates the process of finding SQL injections in web applications. It performs advanced queries and supports different types of injections; it also has WAF bypass inbuilt.

What do you dislike about SQLmap?

In some cases, it fails to detect injections, such as custom injections, but nothing else to dislike.

Udesh B.
Assistant Engineer - Information Security
Small-Business (50 or fewer emp.)
"Sqlmap is an open-source tool. It's a really good tool for SQLi, simple and useful."
What do you like best about SQLmap?

It can automatically detect and use the SQL injection vulnerability database and the access server. It has a very powerful detection engine, has a penetration tester variety of characteristics, accesses to the underlying file system to extract the fingerprint database connection and execute commands that take away

What do you dislike about SQLmap?

Difficulty in interfacing. Having a good user interface (GUI) will help relate better with users.

Bawantha C.
Penetration Tester
Mid-Market (51-1000 emp.)
"Useful tool if you are working in Cyber Security Industry"
What do you like best about SQLmap?

Easy to use and very fast when considering other SQL injection tools. Has a lot of new and valuable SQL injection methods that are not practical to test manually.

What do you dislike about SQLmap?

Even though the application is pretty fast considering the other software in the market, sometimes it tends to miss out on some more complex attacks.

IS
Security Consultant
Mid-Market (51-1000 emp.)
"Amazing Database Vulnerability Scanning and a Take Over Tool"
What do you like best about SQLmap?

Its automated process of database vulnerability detection and takeover. SQLmap is not only used for direct database scanning, but also used against web applications to identify potential SQL vulnerabilities in programming, etc. Its uses include vulnerability scanning and assessment of security, analysis of web applications and, mainly, penetration testing and database takeover.

What do you dislike about SQLmap?

It generates a good amount of false positives. We have to manually check whether a detected vulnerability exists and then verify it. Still, considering its detailed output structure and ease of use, this is not that much of a problem, because if you are using it, then the chances are that you are already a security professional who is capable of manually verifying the detected vulnerability.

Keshani B.
Intern
Enterprise (> 1000 emp.)
"Best Automated SQL Injection Vulnerability Scanner"
What do you like best about SQLmap?

Its ability to thoroughly scan a web application to find SQL injection vulnerabilities and automatically exploit a detected vulnerability to take over the database. SQLmap is provided preinstalled in Kali Linux and is an essential tool to any professional security tester. When given a URL, it automatically executes a thorough SQL injection scan and, if possible, extracts the entirety of database details and DB user details. This enumerated DB information includes databases, roles, privileges, users, tables and their columns, and it can even get hash values of passwords. It even has the ability to bypass firewalls (WAF) employing tamper scripts.

What do you dislike about SQLmap?

Nothing of significance. As with any other vulnerability scanner, SQLmap also gives false positives and the tester must manually check and confirm whether a detected vulnerability exists in the target.

Isuru S.
Intern
Enterprise (> 1000 emp.)
"Best Automated SQL Vulnerability Scanner"
What do you like best about SQLmap?

Everything about it. It is an amazing and powerful automated engine for detecting SQL injection vulnerabilities and, if possible, for database takeover. We can customize its commands to target a specific outcome. Since it is open-source, it is free of cost and has a massive online community of users who can guide you on any sort of problem that arises along the way. Due to its thorough testing of all possible DB vulnerabilities, any penetration tester can easily conduct DB testing without much to worry about.

What do you dislike about SQLmap?

One is that it does not have a graphical user interface. It may prove to be a little bit more difficult than it actually is to some users because of this. Still, even with the command line interface, the learning curve is so small with all the help and tutorials available online. Another thing to dislike is its generation of false positive vulnerability findings. Even though this is true with any sort of vulnerability scanning software, still, if the number of false positives can be limited to a minimum, SQLmap would be more impressive. In any case, the tester needs to double check the reported vulnerability by manually testing it.

Medhavi W.
Information Security Analyst
Enterprise (> 1000 emp.)
"Best tool for sql injection tests."
What do you like best about SQLmap?

SQLmap supports different kinds of SQL injections, such as OS injections, command injections and many more. SQLmap is based on Python and it comes free with Kali, or you can download the repository from the internet and use it in a Linux-based environment. Most SQL injection vulnerabilities can be exploited using this tool, and this is an essential tool for penetration testing.

What do you dislike about SQLmap?

SQLmap is a command-line tool and does not have any graphical user interface. We need to memorize all the commands, and it is a tool that is really hard to use and needs advanced knowledge about this tool to use it.

CZ
Assistant lecturer
Mid-Market (51-1000 emp.)
"Best tool for sql injection"
What do you like best about SQLmap?

SQLmap automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It has a powerful detection engine, numerous specialty highlights for an ultimate penetration tester and an expansive scope of changes enduring from database fingerprinting, over information bringing from the database to getting to the file system and executing commands on the OS via out-of-band connections.

What do you dislike about SQLmap?

There is nothing to dislike about this; if there were a GUI for SQLmap, it could be more useful.

Pricing

Pricing details for this product aren’t currently available. Visit the vendor’s website to learn more.

SQLmap Comparisons
Metasploit
Burp Suite
Acunetix by Invicti
SQLmap Features
API / Integrations
Extensibility
Reporting and Analytics
Issue Tracking
Reconnaissance
Vulnerability Scan
Command-Line Tools
Manual Testing
Test Automation