Can I use this skill for POST-based injections?

Yes, the skill includes instructions for using Burp Suite request files to target POST parameters and other complex HTTP requests.

What is the SQLMap Database Pentesting skill?

It is a specialized capability for Claude Code that provides automated workflows and commands for using SQLMap to detect and exploit SQL injection vulnerabilities.

Which databases does this skill support?

The skill supports a wide range of systems, including MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, and many others.

Does it help with WAF bypass?

Yes, it provides specific troubleshooting steps and tamper script configurations to help bypass Web Application Firewalls and rate limiting.

SQLMap Database Penetration Testing

Name: SQLMap Database Penetration Testing
Author: zebbern

byzebbern

•

2,883

보안 및 테스팅

Automates SQL injection vulnerability detection and database exploitation using industry-standard SQLMap methodologies.

소개

This skill empowers Claude to perform systematic database security audits by leveraging SQLMap for automated injection testing. It provides a comprehensive framework for enumerating database structures, extracting sensitive table data, discovering column mappings, and performing advanced exploitation techniques like OS shell access. Ideal for security researchers and developers performing authorized penetration tests, it covers a wide range of database management systems including MySQL, PostgreSQL, and MSSQL while incorporating best practices for WAF bypass and performance optimization.

주요 기능

2,883 GitHub stars
Full data dumping capabilities including credential extraction and hash cracking
Automated SQL injection vulnerability detection across multiple DBMS types
Advanced target specification via HTTP request files or bulk URL lists
Comprehensive enumeration of databases, tables, and columns
WAF/IPS bypass techniques using tamper scripts and custom headers

사용 사례

Conducting authorized security audits to identify and fix SQL injection flaws
Extracting database schemas and data from vulnerable legacy applications
Automating bulk vulnerability scanning across large-scale web infrastructures

소개

주요 기능

2,883 GitHub stars
Full data dumping capabilities including credential extraction and hash cracking
Automated SQL injection vulnerability detection across multiple DBMS types
Advanced target specification via HTTP request files or bulk URL lists
Comprehensive enumeration of databases, tables, and columns
WAF/IPS bypass techniques using tamper scripts and custom headers

사용 사례

Conducting authorized security audits to identify and fix SQL injection flaws
Extracting database schemas and data from vulnerable legacy applications
Automating bulk vulnerability scanning across large-scale web infrastructures