sqlmapchik is a cross-platform sqlmap GUI for popular sqlmap tool. It is primarily aimed to be used on mobile devices (currently Android is supported).
The easiest way to install sqlmapchik on Android device is to download it from Google Play. Note that Google Play version may not include the latest available sqlmap version.
To run sqlmapchik on desktop machine or to build a cutting-edge version of APK:
- git-clone sqlmapchik repository
- cd to sqlmapchik directory
- git-clone sqlmap (make sure that sqlmap containing folder is called
sqlmap
) - install kivy (1.8.0 is OK)
- you should be able to run sqlmapchik with
python main.py
To run sqlmapchik on Android you have two options:
-
build an APK using these instructions. There is a script
android_build.sh
that may help. Don't forget to comment the following lines inblacklist.txt
in your python-for-android distribution folder:# unittest/* # sqlite3/* # lib-dynload/_sqlite3.so # lib-dynload/_lsprof.so # lib-dynload/future_builtins.so
-
use a nice Kivy Launcher. In this case you just need to copy the project directory to /sdcard/kivy/ on your mobile device.
Project is currently in beta (I suppose it will always be as sqlmap is constantly evolving :). At this point, not all of sqlmap features are supported. Here is what doesn't work for sure:
- sqlmap API
- profiling
- log colorizing
- beeping :)
- user-defined function injection
- updating
- metasploit integration
Other features should work. If you find an issue (I bet you will:), don't hesitate to report it on Github, by email, Twitter, pidgin mail etc.
- sqlmap homepage: http://sqlmap.org
- my twitter: @muodov