SQLMap
Knowing how to perform attacks by hand is important because:
- You may not always be able to use automated tools
- SQLMap still needs some manual inputs, especially to find an original entry point
- Tools can leave a very heavy footprint behind
Under the hood, SQLMap automatically:
- Identifies vulnerable parameters
- Identifies SQL injection techniques to use based on the DBMS
- Fingerprints the back-end DBMS to gather information
- Enumerates data and could take over the database server as a whole
