-
Feed it a SQL injection dork via --dork option and it will find vulnerable sites for you. After that, it will try to find their admin panels and also try to bypass them with SQL queries.
-
It can do very fast hash lookups for MD5, SHA1 and SHA2. You can supply a hash with --hash option. Average lookup takes less than 2 seconds.
-
You can also supply it a txt file containing hashes to be cracked with --list option.
-
The first mode just checks for 13 most common admin panel locations but if you feed a website through --admin option, you can do a full scan using 482 paths.
-
SQLMate has ability to scrap dorks as well. Specify dumping level via --dump option. Using --dump 1 will dump nearly 20 dorks so set the level anywhere between 1-184 as per your needs. SQLMate automatically saves the dorks into a txt file so you can use them later.
Scroll down for more.
Enter the following command in terminal to download SQLMate
git clone https://github.com/UltimateHackers/sqlmate
Then navigate to the sqlmate directory by entering this command
cd sqlmate
Now install the required modules
pip install -r requirements.txt
Now run sqlmate
python sqlmate
usage: sqlmate [-h] [--dork DORK] [--hash HASH] [--list <path>]
[--dump 1-184] [--admin URL] [--type PHP,ASP,HTML]
optional arguments:
-h, --help show this help message and exit
--dork DORK Supply a dork and let SQLMate do its thing
--hash HASH 'Crack' a hash in 5 secs
--list <path> Import and crack hashes from a txt file
--dump 1-184 Get dorks. Specify dumping level. Level 1 = 20 dorks
--admin URL Find admin panel of website
--type PHP,ASP,HTML Choose extension to scan (Use with --admin option,
Default is all)
Alright jump in! Find bugs or help me add these features:
- Avoiding duplicates in dork scan results
- A list of examples of sqlmap commands demonstrating some useful and less known sqlmap options
- Whatever you like
Thanks for using SQLMate.