sqlmap-database-penetration-testing

star 444

This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.

Dokhacgiakhoa By Dokhacgiakhoa schedule Updated 2/11/2026
play_arrow Run Skill in Manus View GitHub

name: SQLMap Database Penetration Testing description: This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities. metadata: author: zebbern version: 4.1.0-fractal

SQLMap Database Penetration Testing

Purpose

Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems.

Inputs / Prerequisites

  • Target URL: Web application URL with injectable parameter (e.g., ?id=1)
  • SQLMap Installation: Pre-installed on Kali Linux or downloaded from GitHub
  • Verified Injection Point: URL parameter confirmed or suspected to be SQL injectable
  • Request File (Optional): Burp Suite captured HTTP request for POST-based injection
  • Authorization: Written permission for penetration testing activities

Outputs / Deliverables

  • Database Enumeration: List of all databases on the target server
  • Table Structure: Complete table names within target database
  • Column Mapping: Column names and data types for each table
  • Extracted Data: Dumped records including usernames, passwords, and sensitive data
  • Hash Values: Password hashes for offline cracking
  • Vulnerability Report: Confirmation of SQL injection type and severity

Core Workflow

🧠 Knowledge Modules (Fractal Skills)

1. 1. Identify SQL Injection Vulnerability

2. 2. Enumerate Databases

3. 3. Enumerate Tables

4. 4. Enumerate Columns

5. 5. Extract Data

6. 6. Advanced Target Options

7. Database Enumeration Progression

8. Supported Database Management Systems

9. SQL Injection Techniques

10. Essential Options

11. Operational Boundaries

12. Performance Considerations

13. Legal Requirements

14. Detection Risk

15. Example 1: Complete Database Enumeration

16. Example 2: POST Request Injection

17. Example 3: Bulk Target Scanning

18. Example 4: Aggressive Testing

19. Example 5: Extract Specific Credentials

20. Example 6: OS Shell Access (Advanced)

21. Issue: "Parameter does not seem injectable"

22. Issue: Target Behind WAF/Firewall

23. Issue: Connection Timeout

24. Issue: Time-Based Attacks Too Slow

25. Issue: Cannot Dump Large Tables

26. Issue: Session Drops During Long Scan

Install via CLI
npx skills add https://github.com/Dokhacgiakhoa/antigravity-ide --skill sqlmap-database-penetration-testing
Repository Details
star Stars 444
call_split Forks 137
navigation Branch main
article Path SKILL.md
More from Creator
Dokhacgiakhoa
Dokhacgiakhoa Explore all skills →