# Install sqlmap with Homebrew, apk, apt, MacPorts, Nix, pacman, zypper

Penetration testing for SQL injection and database servers. Version 1.10.7 via Homebrew; verified 2026-07-01.

## Install

```sh
sudo av install brew:sqlmap
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install sqlmap
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install sqlmap
```

  Evidence: MacPorts ports tree: security/sqlmap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add sqlmap
```

  Evidence: Alpine Linux edge package indexes: sqlmap from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install sqlmap
```

  Evidence: Debian stable package indexes: sqlmap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#sqlmap
```

  Evidence: nixpkgs package indexes: sqlmap from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

- pacman (92%):

```sh
sudo pacman -S sqlmap
```

  Evidence: Arch Linux sync databases: sqlmap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install sqlmap
```

  Evidence: openSUSE Tumbleweed package metadata: sqlmap from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:sqlmap
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/sqlmap>
- **Version:** 1.10.7
- **Source summary:** Penetration testing for SQL injection and database servers
- **Homepage:** <https://sqlmap.org>
- **Repository:** <https://github.com/sqlmapproject/sqlmap>
- **Upstream docs:** <https://github.com/sqlmapproject/sqlmap/wiki>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://github.com/sqlmapproject/sqlmap/archive/refs/tags/1.10.7.tar.gz>
- **Last updated:** 2026-07-01T10:28:17Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- sqlmap (cli)
- sqlmap.py (cli)
- sqlmapapi (cli)
- sqlmapapi.py (cli)
- sqlmap (alias)
- sqlmap.py (alias)
- sqlmapapi (alias)
- sqlmapapi.py (alias)

## Dependencies

- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.10.7
- Package-manager updated: 2026-07-01
- Local data: ok
- Upstream repository: https://github.com/sqlmapproject/sqlmap
- Upstream latest detected: 1.10.7 (current)
## Project history and usage

sqlmap is an open-source command-line penetration-testing tool for automating SQL injection detection, exploitation, and database-server takeover workflows.

### Project history

The project history maintained in the official wiki traces sqlmap to a SourceForge registration on July 25, 2006, with an initial MySQL-focused skeleton, PostgreSQL support and version 0.1 later that year, and Bernardo Damele taking over the project in September 2006.

The same official history records a long sequence of security-research-driven releases, including database takeover work presented publicly in 2009, version 0.9 in 2011 with a rewritten detection engine, relocation from SourceForge/Subversion to GitHub on June 26, 2012, stable version 1.0 on February 27, 2016, Python 3 support completed in 2019, and annual stable releases through 1.10 on January 1, 2026.

### Adoption history

The official sqlmap history records acceptance into Debian on May 8, 2009 and Ubuntu on June 2, 2009. The supplied Homebrew-derived input also lists packaging across Homebrew, Debian, Ubuntu, Alpine, Arch, MacPorts, Nix, and openSUSE-style zypper ecosystems.

The sqlmap homepage presents it as a mature project with decades of active development and a large contributor base, while the GitHub repository remains the public source and issue-tracking center.

### How it is used

In package-manager and CLI culture, sqlmap is typically installed as a ready-to-run security tool and driven through many command-line switches. The official wiki's usage page documents verbosity, request logging, detection, enumeration, takeover, and bug-reporting workflows.

### Why package nerds care

Package maintainers care about sqlmap because it is a high-profile security CLI with fast-moving detection logic, many optional capabilities, and a long history of distro packaging. Its presence in common package managers makes authorized web-application testing reproducible without vendoring a checkout.

### Timeline

- 2006: Project registered on SourceForge; version 0.1 released.
- 2009: Accepted into Debian and Ubuntu repositories.
- 2012: Development relocated to GitHub and a new homepage was deployed.
- 2016: Stable version 1.0 released.
- 2019: Python 3 support completed.
- 2026: Stable version 1.10 released.

### Related projects

- The official history and README connect sqlmap workflows to SQL injection testing, database fingerprinting, Metasploit integration, and supported database systems rather than to one single language ecosystem.

### Sources

- <https://github.com/sqlmapproject/sqlmap/wiki/History>
- <https://github.com/sqlmapproject/sqlmap/wiki/Usage>
- <https://sqlmap.org/>
- source_facts.package-manager


## Security Notes

broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.

- **Geiger risk:** red / medium
- broad file, network, media, or database tool signal
- escape, surveillance, or offensive capability signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: sqlmap.conf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** sqlmap
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - sqlmap - 1.9.6-1: normalized package name match | Debian stable package indexes: sqlmap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | automatic SQL injection tool | https://sqlmap.org/
- Nix - sqlmap: normalized package name match | nixpkgs package indexes: sqlmap from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
- Ubuntu apt - sqlmap - 1.8.4-1: normalized package name match | Ubuntu 24.04 LTS package indexes: sqlmap from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | automatic SQL injection tool | https://sqlmap.org/
- apk - sqlmap - 1.10.5-r0: normalized package name match | Alpine Linux edge package indexes: sqlmap from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Automatic SQL injection and database takeover tool | https://sqlmap.org/
- apk - sqlmap-pyc - 1.10.5-r0: normalized package name match | Alpine Linux edge package indexes: sqlmap-pyc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Precompiled Python bytecode for sqlmap | https://sqlmap.org/
- pacman - sqlmap - 1.10.6-1: normalized package name match | Arch Linux sync databases: sqlmap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Automatic SQL injection and database takeover tool | https://sqlmap.org
- zypper - sqlmap - 1.10.5-1.1: normalized package name match | openSUSE Tumbleweed package metadata: sqlmap from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Automatic SQL injection and database takeover tool | https://sqlmap.org/
- MacPorts - sqlmap: normalized package name match | MacPorts ports tree: security/sqlmap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Database and data packages](https://www.automicvault.com/pkg/database-data-tools/) - Matched database, SQL, migration, or data-store metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [gotestwaf](https://www.automicvault.com/pkg/brew/gotestwaf/) - Shares av.db curated category or tags: application-security, cli, security, testing.
- [jwt-hack](https://www.automicvault.com/pkg/brew/jwt-hack/) - Shares av.db curated category or tags: cli, security, testing.
- [afl++](https://www.automicvault.com/pkg/brew/afl/) - Shares av.db curated category or tags: cli, security, testing.
- [cycode](https://www.automicvault.com/pkg/brew/cycode/) - Shares av.db curated category or tags: application-security, cli, security.
- [echidna](https://www.automicvault.com/pkg/brew/echidna/) - Shares av.db curated category or tags: cli, security, testing.
- [exploitdb](https://www.automicvault.com/pkg/brew/exploitdb/) - Shares av.db curated category or tags: cli, penetration-testing, security.
- [hydra](https://www.automicvault.com/pkg/brew/hydra/) - Shares av.db curated category or tags: cli, penetration-testing, security.
- [legba](https://www.automicvault.com/pkg/brew/legba/) - Shares av.db curated category or tags: cli, security, testing.
- [pocsuite3](https://www.automicvault.com/pkg/brew/pocsuite3/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, penetration, penetration-testing, python, python-3-14.
- [theharvester](https://www.automicvault.com/pkg/brew/theharvester/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, penetration, penetration-testing, python, python-3-14.

## Combined YAML source

View the package source record on GitHub. [combined/sqlmap.yml](https://github.com/automic-vault/db/blob/main/combined/sqlmap.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
