How does the skill handle Web Application Firewalls (WAF)?

It includes methodologies for using tamper scripts, random user-agents, and request delays to bypass detection and rate-limiting mechanisms.

Does this skill require specific authorization?

Yes. This skill is intended for use only on systems where you have explicit, written permission to conduct penetration testing. Unauthorized testing is illegal.

Which databases can I test with this skill?

It supports a wide range of systems including MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, IBM DB2, and many more.

Can I test POST requests using this skill?

Yes, the skill provides guidance on using request files (from tools like Burp Suite) to test POST-based parameters and complex HTTP headers.

SQLMap Database Pentesting

Name: SQLMap Database Pentesting
Author: claudiodearaujo

byclaudiodearaujo

Security & Testing

Automates SQL injection vulnerability detection and database exploitation using the industry-standard SQLMap tool.

About

This skill provides a systematic framework for performing automated database penetration testing using SQLMap within the Claude Code environment. It guides security professionals and developers through the complete exploitation lifecycle, from initial vulnerability discovery and database enumeration (schemas, tables, columns) to advanced data extraction and administrative tasks. Supporting a vast array of database systems like MySQL, PostgreSQL, and MSSQL, the skill includes specialized workflows for handling different injection types—such as UNION-based, time-based blind, and error-based—while offering practical solutions for bypassing WAFs and managing complex authentication via request files.

Key Features

Efficient data extraction and dumping of sensitive records, including password hash retrieval.
Comprehensive enumeration of database structures including schemas, tables, and column metadata.
Automated detection and verification of SQL injection vulnerabilities across diverse DBMS.
0 GitHub stars
Advanced exploitation capabilities such as OS shell access and file system interaction.
Built-in bypass strategies using tamper scripts, custom headers, and rate-limiting controls.

Use Cases

Automating the extraction of data from confirmed vulnerable endpoints for impact assessment.
Testing web application firewalls and security filters against sophisticated injection techniques.
Conducting authorized security audits to identify and remediate database-level vulnerabilities.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sqlmap-database-pentesting

For use in Claude.ai and ChatGPT

Download Skill

GitHub

About

Key Features

Efficient data extraction and dumping of sensitive records, including password hash retrieval.
Comprehensive enumeration of database structures including schemas, tables, and column metadata.
Automated detection and verification of SQL injection vulnerabilities across diverse DBMS.
0 GitHub stars
Advanced exploitation capabilities such as OS shell access and file system interaction.
Built-in bypass strategies using tamper scripts, custom headers, and rate-limiting controls.

Use Cases

Automating the extraction of data from confirmed vulnerable endpoints for impact assessment.
Testing web application firewalls and security filters against sophisticated injection techniques.
Conducting authorized security audits to identify and remediate database-level vulnerabilities.