Can I extract password hashes for offline cracking?

Yes, the skill covers commands for dumping user credentials and specific columns, which often include password hashes.

Can I test POST-based parameters with this skill?

Yes, the skill includes instructions for using HTTP request files from tools like Burp Suite to target POST-based injection points.

Does it support WAF bypass techniques?

Yes, it provides guidance on utilizing tamper scripts, custom delays, and random user agents to evade detection by Web Application Firewalls.

Which database management systems are supported?

The skill supports a broad range of DBMS including MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, and IBM DB2, among others.

Is OS-level access possible through this skill?

If the database user has sufficient privileges (like DBA), the skill provides the commands to attempt spawning an interactive OS shell or reading/writing files.

SQLMap Database Penetration Testing

Name: SQLMap Database Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

Seguridad y Pruebas

Automates the detection and exploitation of SQL injection vulnerabilities to perform comprehensive database security assessments.

Acerca de

This skill provides a systematic methodology for using SQLMap within Claude Code to automate SQL injection detection and exploitation. It guides security professionals through the entire lifecycle of a database penetration test, from initial vulnerability identification and schema enumeration to advanced data extraction and OS shell access. It supports a wide range of database management systems, including MySQL, PostgreSQL, and MSSQL, while offering specialized workflows for bypassing WAFs and handling complex HTTP requests.

Características Principales

Automated SQL injection detection and vulnerability verification
0 GitHub stars
WAF/IPS bypass strategies using tamper scripts and request headers
Full schema enumeration including databases, tables, and columns
Targeted data extraction and comprehensive database dumping
Advanced exploitation techniques including OS shell and file system access

Casos de Uso

Security research and vulnerability assessment reporting
Authorized security auditing of web applications for injection flaws
Automated discovery and extraction of sensitive database records

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sqlmap-database-pentesting

For use in Claude.ai and ChatGPT

Download Skill

GitHub