Which database management systems (DBMS) are supported?

The skill supports a wide range of databases including MySQL, PostgreSQL, Microsoft SQL Server, Oracle, IBM DB2, SQLite, and several others.

Can this skill help bypass Web Application Firewalls (WAF)?

Yes, it includes advanced troubleshooting steps such as using tamper scripts, random User-Agents, and request delays to help evade detection by WAFs and IPS systems.

Does this skill require specific prerequisites?

Users should have a target URL or request file, a local SQLMap installation, and most importantly, explicit written authorization to perform penetration testing on the target.

What is the primary purpose of the SQLMap skill?

It provides a comprehensive guide and automated workflows for using SQLMap to detect and exploit SQL injection vulnerabilities in web applications during authorized security tests.

SQLMap Database Pentesting

Name: SQLMap Database Pentesting
Author: claudiodearaujo

byclaudiodearaujo

Security & Testing

Automates SQL injection detection and database exploitation using the industry-standard SQLMap tool for security audits.

About

This skill provides a systematic methodology for identifying and exploiting SQL injection vulnerabilities across various database management systems like MySQL, PostgreSQL, and MSSQL. It guides users through the entire penetration testing lifecycle—from initial vulnerability verification and database enumeration to full data extraction and advanced OS-level access. Designed for security professionals with authorized access, it simplifies complex SQLMap commands and provides troubleshooting strategies for bypassing WAFs, handling large-scale database dumps, and performing bulk target analysis.

Key Features

Built-in strategies for bypassing WAFs and firewalls using tamper scripts and custom headers.
0 GitHub stars
Full database enumeration capabilities for tables, columns, and sensitive record dumping.
Flexible target specification via direct URLs, HTTP request files, and bulk log parsing.
Automated detection of diverse SQL injection techniques including Boolean, Time, Error, and UNION-based.
Advanced exploitation support for password hash extraction and interactive OS shell access.

Use Cases

Extracting database schemas and credentials during professional penetration testing engagements.
Automating bulk vulnerability scanning across multiple targets to verify organizational security compliance.
Conducting authorized security audits to identify and remediate SQL injection flaws in web applications.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter sqlmap-database-pentesting

For use in Claude.ai and ChatGPT

Download Skill

GitHub

About

Key Features

Built-in strategies for bypassing WAFs and firewalls using tamper scripts and custom headers.
0 GitHub stars
Full database enumeration capabilities for tables, columns, and sensitive record dumping.
Flexible target specification via direct URLs, HTTP request files, and bulk log parsing.
Automated detection of diverse SQL injection techniques including Boolean, Time, Error, and UNION-based.
Advanced exploitation support for password hash extraction and interactive OS shell access.

Use Cases

Extracting database schemas and credentials during professional penetration testing engagements.
Automating bulk vulnerability scanning across multiple targets to verify organizational security compliance.
Conducting authorized security audits to identify and remediate SQL injection flaws in web applications.