sqlmap-gui

GUI for SQLMAP, a powerful tool for automated SQL injection

sqlmap-gui

sqlmap-gui is a Python-based graphical user interface (GUI) for interacting with the powerful sqlmap penetration testing tool. This GUI simplifies the use of sqlmap, enabling users to execute SQL injection tests and analyze vulnerabilities without requiring extensive command-line experience.

GitHub release GitHub release date GitHub last commit

Features

  • User-Friendly Interface: Simplified navigation for sqlmap functionalities.
  • Comprehensive Options: Access to all popular sqlmap commands with categorized tabs.
  • Results Display: Real-time output display for executed sqlmap commands.
  • Cross-Platform: Runs on Windows and Linux (working).
  • Customizable: Easily add new features or extend the interface.

Screenshots

Installation

Follow these steps to set up the project locally:

Clone the Repository

git clone https://github.com/raselmandol/sqlmap-gui.git
cd sqlmap-gui

Create a Virtual Environment

python -m venv sqlmap_env
sqlmap_env\Scripts\activate    # Windows

Install Dependencies

pip install -r requirements.txt

Build

pip install -e .

Run the Application

python sqlmap_gui

How to Use

  1. Launch the GUI (python sqlmap_gui).
  2. Navigate through the tabs to explore sqlmap commands:
    • Injection Tests: Enter a target URL and customize sqlmap options.
    • Advanced Options: Configure sqlmap payloads and settings.
  3. Execute the command and view results in the output console.

Folder Structure

sqlmap-gui/
├── build/                     # Auto-generated build files (ignored)
├── sqlmap/                    # sqlmap tool integration
├── sqlmap_env/                # Virtual environment (ignored)
├── sqlmap_gui/                # Main GUI source code
│   ├── sections/              # Modular GUI sections
│   ├── __init__.py            # Initialization script
│   ├── main.py                # Main application entry point
├── sqlmap_gui.egg-info/       # Metadata files (ignored)
├── setup.py                   # Setup script
├── README.md                  # Project documentation

Example

Here is a sample workflow for detecting vulnerabilities on a target website:

  1. Enter the target URL: http://example.com/page?id=1.
  2. Select detection options like:
    • Technique: --technique=T
    • DBMS: --dbms=mysql
  3. Click Run to execute sqlmap.
  4. View results in the output console.

More

To get a list of basic options and switches use:

-h

To get a list of all options and switches use:

-hh

To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the user’s manual. Use extra/optional command input option to use those extra options and switches. You can find Custom Query option in Enumerate tab.

Requirements

  • Python 3.8+
  • PyQt5
  • sqlmap source

Contribution

Contributions are welcome! To contribute:

  1. Fork this repository.

  2. Create a new branch:

    git checkout -b feature-name

  3. Commit your changes:

    git commit -m "Add new feature"

  4. Push to your branch:

    git push origin feature-name
  5. Open a pull request.

License

This project is licensed under the MIT License, sqlmap license.

To-Do

Add more screenshots of the GUI in action.

  • Enhance error handling.
  • Improve documentation with more examples.
  • More tabs/ more options
  • Background Process
  • JSON import, export
  • History Tab
  • Optimization tab
  • WebScarab proxy
  • Burp proxy
  • sqlmap web
  • Clean terminal/editor
  • GitHub pages with documentation