sqlmap
E192901
sqlmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications.
All labels observed (1)
| Label | Occurrences |
|---|---|
| sqlmap canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1717785 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: sqlmap Context triple: [Kali Linux, includesTool, sqlmap]
-
A.
Aircrack‑ng
Aircrack‑ng is an open-source suite of tools used for auditing and cracking Wi‑Fi network security, including WEP and WPA/WPA2 encryption.
-
B.
Reaver (WPS attack tool)
Reaver is a specialized Wi-Fi security tool designed to exploit vulnerabilities in the WPS (Wi-Fi Protected Setup) protocol in order to recover WPA/WPA2 passphrases.
-
C.
Checkmarx
Checkmarx is a cybersecurity company specializing in application security testing solutions that help organizations identify and remediate vulnerabilities in their software code.
-
D.
Hashcat
Hashcat is a high-performance, open-source password recovery and cracking tool that supports numerous hashing algorithms and leverages GPU acceleration for speed.
-
E.
SQLite
SQLite is a lightweight, self-contained, serverless SQL database engine widely embedded in applications, operating systems, and devices.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: sqlmap Target entity description: sqlmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications.
-
A.
Aircrack‑ng
Aircrack‑ng is an open-source suite of tools used for auditing and cracking Wi‑Fi network security, including WEP and WPA/WPA2 encryption.
-
B.
Reaver (WPS attack tool)
Reaver is a specialized Wi-Fi security tool designed to exploit vulnerabilities in the WPS (Wi-Fi Protected Setup) protocol in order to recover WPA/WPA2 passphrases.
-
C.
Checkmarx
Checkmarx is a cybersecurity company specializing in application security testing solutions that help organizations identify and remediate vulnerabilities in their software code.
-
D.
Hashcat
Hashcat is a high-performance, open-source password recovery and cracking tool that supports numerous hashing algorithms and leverages GPU acceleration for speed.
-
E.
SQLite
SQLite is a lightweight, self-contained, serverless SQL database engine widely embedded in applications, operating systems, and devices.
- F. None of above. chosen
Statements (88)
| Predicate | Object |
|---|---|
| instanceOf |
command-line tool
ⓘ
open-source software ⓘ penetration testing tool ⓘ security testing tool ⓘ software tool ⓘ |
| category |
Database security software
ⓘ
Penetration testing software ⓘ Web security software ⓘ |
| developedIn |
Python
ⓘ
surface form:
Python programming language
|
| genre |
SQL injection testing
ⓘ
database security ⓘ web application security ⓘ |
| hasComponent |
OS takeover module
ⓘ
database fingerprinting module ⓘ enumeration module ⓘ tamper script engine ⓘ |
| hasFeature |
OS command execution via SQL injection
ⓘ
WAF evasion techniques ⓘ automatic detection of SQL injection flaws ⓘ automatic exploitation of SQL injection flaws ⓘ automatic recognition of database management system ⓘ automatic recognition of web application technology stack ⓘ batch mode ⓘ command-line interface ⓘ data dumping ⓘ database schema enumeration ⓘ database takeover ⓘ database user enumeration ⓘ integration with Tor and proxies for anonymity ⓘ logging of requests and responses ⓘ proxy support ⓘ resume of interrupted data dumps ⓘ session management ⓘ support for custom payloads ⓘ support for multiple levels of verbosity ⓘ support for user-defined injection points ⓘ support for various injection techniques ⓘ tamper scripts ⓘ tor network support ⓘ |
| implements |
SQL injection detection
ⓘ
SQL injection exploitation ⓘ blind SQL injection ⓘ data extraction ⓘ database enumeration ⓘ database fingerprinting ⓘ error-based SQL injection ⓘ file system access via SQL injection ⓘ out-of-band SQL injection ⓘ time-based SQL injection ⓘ |
| license |
GNU General Public License
ⓘ
surface form:
GNU General Public License v2
GNU General Public License ⓘ
surface form:
GPL-2.0-only
|
| operatingSystem |
Linux
ⓘ
Unix-like systems ⓘ Windows ⓘ macOS ⓘ |
| primaryLanguage | Python ⓘ |
| repository | https://github.com/sqlmapproject/sqlmap ⓘ |
| sourceModel | open source ⓘ |
| supports |
Cookie parameters
ⓘ
DNS exfiltration ⓘ Firebird ⓘ GET parameters ⓘ HTTP ⓘ HTTP headers ⓘ HTTPS ⓘ IBM DB2 ⓘ MariaDB ⓘ SQL Server ⓘ
surface form:
Microsoft SQL Server
MySQL ⓘ Oracle Database ⓘ POST parameters ⓘ PostgreSQL ⓘ SAP MaxDB ⓘ SQLite ⓘ Sybase ⓘ URL query strings ⓘ authentication mechanisms testing ⓘ cookie-based sessions ⓘ custom HTTP headers ⓘ stacked queries ⓘ stored SQL injection ⓘ union-based SQL injection ⓘ |
| usedFor |
ethical hacking
ⓘ
penetration testing ⓘ security auditing ⓘ vulnerability assessment ⓘ |
| website | https://sqlmap.org/ ⓘ |
| writtenIn | Python ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: sqlmap Description of subject: sqlmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities in web applications.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.