How does the skill handle Web Application Firewalls (WAF)?

It includes methodologies for using tamper scripts, random user-agents, and request delays to bypass detection and rate-limiting mechanisms.

Does this skill require specific authorization?

Yes. This skill is intended for use only on systems where you have explicit, written permission to conduct penetration testing. Unauthorized testing is illegal.

Which databases can I test with this skill?

It supports a wide range of systems including MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, IBM DB2, and many more.

Can I test POST requests using this skill?

Yes, the skill provides guidance on using request files (from tools like Burp Suite) to test POST-based parameters and complex HTTP headers.

SQLMap Database Pentesting

Name: SQLMap Database Pentesting
Author: claudiodearaujo

byclaudiodearaujo

0•

セキュリティとテスト

Automates SQL injection vulnerability detection and database exploitation using the industry-standard SQLMap tool.

This skill provides a systematic framework for performing automated database penetration testing using SQLMap within the Claude Code environment. It guides security professionals and developers through the complete exploitation lifecycle, from initial vulnerability discovery and database enumeration (schemas, tables, columns) to advanced data extraction and administrative tasks. Supporting a vast array of database systems like MySQL, PostgreSQL, and MSSQL, the skill includes specialized workflows for handling different injection types—such as UNION-based, time-based blind, and error-based—while offering practical solutions for bypassing WAFs and managing complex authentication via request files.

主な機能

01Efficient data extraction and dumping of sensitive records, including password hash retrieval.

02Comprehensive enumeration of database structures including schemas, tables, and column metadata.

03Automated detection and verification of SQL injection vulnerabilities across diverse DBMS.

040 GitHub stars

05Advanced exploitation capabilities such as OS shell access and file system interaction.

06Built-in bypass strategies using tamper scripts, custom headers, and rate-limiting controls.

ユースケース

01Automating the extraction of data from confirmed vulnerable endpoints for impact assessment.

02Testing web application firewalls and security filters against sophisticated injection techniques.

03Conducting authorized security audits to identify and remediate database-level vulnerabilities.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sqlmap-database-pentesting

For use in Claude.ai and ChatGPT

主な機能

01Efficient data extraction and dumping of sensitive records, including password hash retrieval.

02Comprehensive enumeration of database structures including schemas, tables, and column metadata.

03Automated detection and verification of SQL injection vulnerabilities across diverse DBMS.

040 GitHub stars

05Advanced exploitation capabilities such as OS shell access and file system interaction.

06Built-in bypass strategies using tamper scripts, custom headers, and rate-limiting controls.

ユースケース

01Automating the extraction of data from confirmed vulnerable endpoints for impact assessment.

02Testing web application firewalls and security filters against sophisticated injection techniques.

03Conducting authorized security audits to identify and remediate database-level vulnerabilities.