Sqlmap tutorial for beginners – hacking with sql injection

As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP.

Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website.


Sqlmap is arguably the most popular and powerful sql injection automation tool available and it is completely open-source. All it needs is the vulnerable URL in case of get request or a text file in case we want to perform it on a post request.

Sqlmap can exploit the application’s database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain conditions.

Install Sqlmap on Windows

Sqlmap is arguably the most popular tool for exploitation of sql injection vulnerability and database takeover. It is completely automated and customization depending upon the server or database configurations. This tool provides wide ranges of flags which can be used to trigger an attack in an effective manner. It is completely open-source in terms of license. Its written in python. Now as I am going to discuss more and more about sqlmap it’s usage and tutorials in my forthcoming blogs so we need to know how to install and start sqlmap for further uses.

If you use Kali, Backtrack or any such VM then it comes as a package.

This post is a brief guide to setup and run sqlmap on windows. I am installing on Windows 10 machines but it works fine on any windows flavor, we just need python to support it.