Automic VaultAutomic Vault

brew

Install sqlmap with Homebrew, apk, apt, MacPorts, Nix, pacman, zypper

Penetration testing for SQL injection and database servers. Version 1.10.7 via Homebrew; verified 2026-07-01.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install sqlmap

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install sqlmap

MacPorts ports tree · security/sqlmap/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add sqlmap

Alpine Linux edge package indexes · sqlmap · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install sqlmap

Debian stable package indexes · sqlmap · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#sqlmap

nixpkgs package indexes · sqlmap · source: raw.githubusercontent.com

Arch Linux pacmanverified · 92%
sudo pacman -S sqlmap

Arch Linux sync databases · sqlmap · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install sqlmap

openSUSE Tumbleweed package metadata · sqlmap · source: download.opensuse.org

overview

Package summary

Penetration testing for SQL injection and database servers

Commands and aliases

  • sqlmap
  • sqlmap.py
  • sqlmapapi
  • sqlmapapi.py

history

Project history and usage

sqlmap is an open-source command-line penetration-testing tool for automating SQL injection detection, exploitation, and database-server takeover workflows.

Project history

The project history maintained in the official wiki traces sqlmap to a SourceForge registration on July 25, 2006, with an initial MySQL-focused skeleton, PostgreSQL support and version 0.1 later that year, and Bernardo Damele taking over the project in September 2006.

The same official history records a long sequence of security-research-driven releases, including database takeover work presented publicly in 2009, version 0.9 in 2011 with a rewritten detection engine, relocation from SourceForge/Subversion to GitHub on June 26, 2012, stable version 1.0 on February 27, 2016, Python 3 support completed in 2019, and annual stable releases through 1.10 on January 1, 2026.

Adoption history

The official sqlmap history records acceptance into Debian on May 8, 2009 and Ubuntu on June 2, 2009. The supplied Homebrew-derived input also lists packaging across Homebrew, Debian, Ubuntu, Alpine, Arch, MacPorts, Nix, and openSUSE-style zypper ecosystems.

The sqlmap homepage presents it as a mature project with decades of active development and a large contributor base, while the GitHub repository remains the public source and issue-tracking center.

How it is used

In package-manager and CLI culture, sqlmap is typically installed as a ready-to-run security tool and driven through many command-line switches. The official wiki's usage page documents verbosity, request logging, detection, enumeration, takeover, and bug-reporting workflows.

Why package nerds care

Package maintainers care about sqlmap because it is a high-profile security CLI with fast-moving detection logic, many optional capabilities, and a long history of distro packaging. Its presence in common package managers makes authorized web-application testing reproducible without vendoring a checkout.

Timeline

  • 2006: Project registered on SourceForge; version 0.1 released.
  • 2009: Accepted into Debian and Ubuntu repositories.
  • 2012: Development relocated to GitHub and a new homepage was deployed.
  • 2016: Stable version 1.0 released.
  • 2019: Python 3 support completed.
  • 2026: Stable version 1.10 released.

Related projects

  • The official history and README connect sqlmap workflows to SQL injection testing, database fingerprinting, Metasploit integration, and supported database systems rather than to one single language ecosystem.

security posture

Risk level: red

broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.

Risk classifier

red risk · medium confidence · escape-surveillance-offensive

Why

  • broad file, network, media, or database tool signal
  • escape, surveillance, or offensive capability signal

Signals

  • text:database,sql,server
  • text:penetration

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
sqlmap.conf

executables

Installed executables

CommandKindExposureNote
sqlmapcliglobal executable
sqlmap.pycliglobal executable
sqlmapapicliglobal executable
sqlmapapi.pycliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.10.7
manager updated2026-07-01
local dataok
upstreamcurrent
latest detected1.10.7

https://github.com/sqlmapproject/sqlmap

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:sqlmap
Version1.10.7
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/sqlmap
Homepagehttps://sqlmap.org
Repositoryhttps://github.com/sqlmapproject/sqlmap
Upstream docshttps://github.com/sqlmapproject/sqlmap/wiki
LicenseGPL-2.0-or-later
Source archivehttps://github.com/sqlmapproject/sqlmap/archive/refs/tags/1.10.7.tar.gz
Last updated2026-07-01T10:28:17Z
Pulseupdated
Dependenciespython@3.14
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesqlmap
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

sqlmap 1.9.6-1

automatic SQL injection tool

https://sqlmap.org/

sudo apt install sqlmap
  • Section: net
  • Architecture: all
  • 2 dependencies
  • normalized package name match
  • Matched by: Sqlmap
Debian stable package indexes · deb.debian.org · Debian stable package indexes: sqlmap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

sqlmap

nix profile install nixpkgs#sqlmap
  • normalized package name match
  • Matched by: Sqlmap
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: sqlmap from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
Ubuntu apt95%

sqlmap 1.8.4-1

automatic SQL injection tool

https://sqlmap.org/

sudo apt install sqlmap
  • Section: universe/net
  • Architecture: all
  • 2 dependencies
  • normalized package name match
  • Matched by: Sqlmap
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: sqlmap from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

sqlmap 1.10.5-r0

Automatic SQL injection and database takeover tool

https://sqlmap.org/

sudo apk add sqlmap
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: sqlmap
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Sqlmap
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: sqlmap from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
apk95%

sqlmap-pyc 1.10.5-r0

Precompiled Python bytecode for sqlmap

https://sqlmap.org/

sudo apk add sqlmap-pyc
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: sqlmap
  • 1 dependencies
  • normalized package name match
  • Matched by: Sqlmap
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: sqlmap-pyc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
pacman95%

sqlmap 1.10.6-1

Automatic SQL injection and database takeover tool

https://sqlmap.org

sudo pacman -S sqlmap
  • License: GPL-2.0-or-later
  • Architecture: any
  • 2 dependencies
  • 2 optional deps
  • normalized package name match
  • Matched by: Sqlmap
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: sqlmap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

sqlmap 1.10.5-1.1

Automatic SQL injection and database takeover tool

https://sqlmap.org/

sudo zypper install sqlmap
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: sqlmap
  • 5 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Sqlmap
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: sqlmap from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

sqlmap

sudo port install sqlmap
  • normalized package name match
  • Matched by: Sqlmap
MacPorts ports tree · api.github.com · MacPorts ports tree: security/sqlmap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment