Whatever you do with this tool is uniquely your responsibility. If you are not authorized to punch holes in the network you are attacking, be aware that such action might get you in trouble with a lot of law enforcement agencies.
sqlmap has support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
Download the sqlmap .deb package from here, then double-click the downloaded file to install sqlmap along with all the required dependencies.
Let's say that you are auditing a web application and have found a web page that accepts dynamic user-provided values in GET or POST parameters, HTTP Cookie values or the HTTP User-Agent header value. You now want to test whether these are affected by a SQL injection vulnerability and, if so, exploit them to retrieve as much information as possible out of the web application's back-end database management system, or even be able to access the underlying operating system.
Consider that the target URL is:
Now pass the original address to sqlmap using the command:
sqlmap -u "http://<server ip>/sqlmap/mysql/get_int.php?id=1" -v 1

sqlmap will automatically:
* Identify the vulnerable parameter(s) (id in this scenario);
* Depending on the user's options, fingerprint, enumerate or take over the database server.
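
Why an integer parameter such as id ends up flagged, and what the fix looks like, as an added example (not code from the original page or from sqlmap). The users table, the function names and the in-memory SQLite back end are assumptions chosen so the block runs offline.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text. In an integer context
    # there are no quotes to break out of, so quote escaping would not help.
    query = "SELECT name FROM users WHERE id = " + raw_id
    return [row[0] for row in db.execute(query)]

def lookup_hardened(db, raw_id):
    # Validate the expected type first, then bind the value as a parameter
    # so the driver never parses it as SQL.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return []
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE id = ?", (int(raw_id),))]

def differs_on_boolean_probe(lookup, db):
    """Regression check for a test suite: a handler is injectable if an
    always-true and an always-false condition appended to the value give
    different results."""
    return lookup(db, "1 AND 1=1") != lookup(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_hardened):
        print(fn.__name__, "injectable:", differs_on_boolean_probe(fn, db))
```

The same check can be kept in the application's test suite so that a later change that reintroduces string concatenation fails the build.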
You can watch more demo videos; they are hosted on YouTube.