Sqlmap is an open source injection tool that supports almost all databases, supports Get/post/cookie injection, supports false echo injection/blinds, and several other injection methods. Support Agent, fingerprint identification technology to judge the database. The sqm (Sqlmapgui) is a graphical interface that can quickly assemble parameters, construct sqlmap command statements, and invoke Sqlmap to execute.
sqm Original Author I do not understand, and the Chinese is ettack, this tool in 2012 years or so more popular, these days I understand, want to find a download on the internet also trouble, the original URL is mostly invalid, and finally have to csdn spend 10 points downloaded, installed after the operation felt still a pretty good tool, Just look at that SQLMQP command statement only a single line is very uncomfortable, and now some URLs have to go through the agent to access, the original program does not include the agent this option. So, I spent a bit of time to modify the source code, although before I tinker a little tkinter, but the process of modifying the layout is very bitter force.
-----------
This is the interface after the software is run:
This is the new "proxy" interface:
---------------
: Http://files.cnblogs.com/files/pcat/sqlmapGUI.zip
(If you have any questions, comments & suggestions, please contact me)
---------------
Installation Method :
py2.x version only
1. Enter the pyttk-0.3-py3k directory and execute the following statement to install the TTK module:
sudo Install Install
2. Copy the Sqm.pyw and Cfg_dir together into the Sqlmap same directory, execute the command
sudo python sqm.pywwindows:python sqm.pyw
(Windows can also double-click Open sqm.pyw Run)
---------------
How to use:
After entering the target URL, then tick the various parameters you want, click "Construct command Statement" will generate the corresponding SQLMAP command statement, and then click "Start" will open the Sqlmap Command window to run.
PS. Sqlmap initiates a request with the Sqlmap default User-agent, and the automatically generated--random-agent parameter in the construct command statement is randomly generated user-agent
---------------
Modified by pcathttp://pcat.cnblogs.com/modified as follows: 1. Add sqlmap command statement input box wrap and scroll bar, easy to enter, observe 2. Fixes the occlusion bug3 of the 3 input boxes under the previous "enumeration" tab. Add "Agent" Label 4. Other scattered
SQM (Sqlmapgui) Pcat modified version