Can I extract password hashes for offline cracking?

Yes, the skill covers commands for dumping user credentials and specific columns, which often include password hashes.

Can I test POST-based parameters with this skill?

Yes, the skill includes instructions for using HTTP request files from tools like Burp Suite to target POST-based injection points.

Does it support WAF bypass techniques?

Yes, it provides guidance on utilizing tamper scripts, custom delays, and random user agents to evade detection by Web Application Firewalls.

Which database management systems are supported?

The skill supports a broad range of DBMS including MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, and IBM DB2, among others.

Is OS-level access possible through this skill?

If the database user has sufficient privileges (like DBA), the skill provides the commands to attempt spawning an interactive OS shell or reading/writing files.

SQLMap Database Penetration Testing

Name: SQLMap Database Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

보안 및 테스팅

Automates the detection and exploitation of SQL injection vulnerabilities to perform comprehensive database security assessments.

This skill provides a systematic methodology for using SQLMap within Claude Code to automate SQL injection detection and exploitation. It guides security professionals through the entire lifecycle of a database penetration test, from initial vulnerability identification and schema enumeration to advanced data extraction and OS shell access. It supports a wide range of database management systems, including MySQL, PostgreSQL, and MSSQL, while offering specialized workflows for bypassing WAFs and handling complex HTTP requests.

주요 기능

01Automated SQL injection detection and vulnerability verification

020 GitHub stars

03WAF/IPS bypass strategies using tamper scripts and request headers

04Full schema enumeration including databases, tables, and columns

05Targeted data extraction and comprehensive database dumping

06Advanced exploitation techniques including OS shell and file system access

사용 사례

01Security research and vulnerability assessment reporting

02Authorized security auditing of web applications for injection flaws

03Automated discovery and extraction of sensitive database records

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sqlmap-database-pentesting

For use in Claude.ai and ChatGPT

주요 기능

01Automated SQL injection detection and vulnerability verification

020 GitHub stars

03WAF/IPS bypass strategies using tamper scripts and request headers

04Full schema enumeration including databases, tables, and columns

05Targeted data extraction and comprehensive database dumping

06Advanced exploitation techniques including OS shell and file system access

사용 사례

01Security research and vulnerability assessment reporting

02Authorized security auditing of web applications for injection flaws

03Automated discovery and extraction of sensitive database records

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sqlmap-database-pentesting

For use in Claude.ai and ChatGPT