sqlmap
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides comprehensive instructions for executing the sqlmap utility and local shell scripts (e.g., dump-database.sh, test-all-parameters.sh) to perform security testing on web applications.
- [COMMAND_EXECUTION]: Includes automated environment checks using shell commands to verify the presence of the sqlmap binary and associated script files.
- [COMMAND_EXECUTION]: Defines complex command patterns for sensitive operations, including database enumeration (--dbs), table dumping (--dump), and password hash extraction (--passwords).
- [COMMAND_EXECUTION]: Implements evasion techniques such as WAF bypass via tamper scripts and User-Agent randomization.
- [COMMAND_EXECUTION]: Features a built-in target validation mechanism that checks proposed targets against a defined scope file (.pentest/scope.json) prior to tool execution.
Audit Metadata