SQLMap Database Penetration Testing
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for obtaining a remote shell or executing arbitrary operating system commands on the target server using the --os-shell and --os-cmd flags.
- [DATA_EXFILTRATION]: Methodology is included for dumping entire database tables and reading sensitive system files, such as /etc/passwd, via the --file-read flag.
- [REMOTE_CODE_EXECUTION]: The skill documents how to upload arbitrary files to a target server using the --file-write and --file-dest flags, which can facilitate the placement of web shells.
- [CREDENTIALS_UNSAFE]: Explicit instructions are provided to extract usernames, passwords, and password hashes from target databases for further exploitation.