macOS
brew install sqlmaplocal Homebrew formula metadata
sudo port install sqlmapMacPorts ports tree · security/sqlmap/Portfile · source: api.github.com
brew
Penetration testing for SQL injection and database servers. Version 1.10.7 via Homebrew; verified 2026-07-01.
install
brew install sqlmaplocal Homebrew formula metadata
sudo port install sqlmapMacPorts ports tree · security/sqlmap/Portfile · source: api.github.com
sudo apk add sqlmapAlpine Linux edge package indexes · sqlmap · source: dl-cdn.alpinelinux.org
sudo apt install sqlmapDebian stable package indexes · sqlmap · source: deb.debian.org
nix profile install nixpkgs#sqlmapnixpkgs package indexes · sqlmap · source: raw.githubusercontent.com
sudo pacman -S sqlmapArch Linux sync databases · sqlmap · source: geo.mirror.pkgbuild.com
sudo zypper install sqlmapopenSUSE Tumbleweed package metadata · sqlmap · source: download.opensuse.org
overview
Penetration testing for SQL injection and database servers
history
sqlmap is an open-source command-line penetration-testing tool for automating SQL injection detection, exploitation, and database-server takeover workflows.
The project history maintained in the official wiki traces sqlmap to a SourceForge registration on July 25, 2006, with an initial MySQL-focused skeleton, PostgreSQL support and version 0.1 later that year, and Bernardo Damele taking over the project in September 2006.
The same official history records a long sequence of security-research-driven releases, including database takeover work presented publicly in 2009, version 0.9 in 2011 with a rewritten detection engine, relocation from SourceForge/Subversion to GitHub on June 26, 2012, stable version 1.0 on February 27, 2016, Python 3 support completed in 2019, and annual stable releases through 1.10 on January 1, 2026.
The official sqlmap history records acceptance into Debian on May 8, 2009 and Ubuntu on June 2, 2009. The supplied Homebrew-derived input also lists packaging across Homebrew, Debian, Ubuntu, Alpine, Arch, MacPorts, Nix, and openSUSE-style zypper ecosystems.
The sqlmap homepage presents it as a mature project with decades of active development and a large contributor base, while the GitHub repository remains the public source and issue-tracking center.
In package-manager and CLI culture, sqlmap is typically installed as a ready-to-run security tool and driven through many command-line switches. The official wiki's usage page documents verbosity, request logging, detection, enumeration, takeover, and bug-reporting workflows.
Package maintainers care about sqlmap because it is a high-profile security CLI with fast-moving detection logic, many optional capabilities, and a long history of distro packaging. Its presence in common package managers makes authorized web-application testing reproducible without vendoring a checkout.
security posture
broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
sqlmap.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
sqlmap | cli | global executable | |
sqlmap.py | cli | global executable | |
sqlmapapi | cli | global executable | |
sqlmapapi.py | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/sqlmapproject/sqlmap
install metadata
| Package key | brew:sqlmap |
|---|---|
| Version | 1.10.7 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/sqlmap |
| Homepage | https://sqlmap.org |
| Repository | https://github.com/sqlmapproject/sqlmap |
| Upstream docs | https://github.com/sqlmapproject/sqlmap/wiki |
| License | GPL-2.0-or-later |
| Source archive | https://github.com/sqlmapproject/sqlmap/archive/refs/tags/1.10.7.tar.gz |
| Last updated | 2026-07-01T10:28:17Z |
| Pulse | updated |
| Dependencies | python@3.14 |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | sqlmap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
sqlmap 1.9.6-1
automatic SQL injection tool
sudo apt install sqlmapsqlmap
nix profile install nixpkgs#sqlmapsqlmap 1.8.4-1
automatic SQL injection tool
sudo apt install sqlmapsqlmap 1.10.5-r0
Automatic SQL injection and database takeover tool
sudo apk add sqlmapsqlmap-pyc 1.10.5-r0
Precompiled Python bytecode for sqlmap
sudo apk add sqlmap-pycsqlmap 1.10.6-1
Automatic SQL injection and database takeover tool
sudo pacman -S sqlmapsqlmap 1.10.5-1.1
Automatic SQL injection and database takeover tool
sudo zypper install sqlmapsqlmap
sudo port install sqlmapsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.