= Sqlmap =

Infobox
- Author: Daniele Bellucci
- License: GNU General Public License, version 2

sqlmap is a software utility for the automated discovery of SQL injection vulnerabilities in web applications.

== Research and academic recognition ==

SQLMap has been extensively studied in academic literature as a benchmark for SQL injection detection capabilities. A 2024 study in the International Journal of Innovative Science and Advanced Engineering compared SQLMap against other penetration testing tools and found it demonstrated superior performance in identifying boolean-based and time-based blind SQL injection vulnerabilities across multiple web application frameworks.

Research published in IEEE conferences has highlighted SQLMap's effectiveness in automated vulnerability detection, noting its comprehensive approach to fingerprinting database management systems and exploiting identified vulnerabilities. Another IEEE study categorized SQLMap as a foundational tool in the web application security assessment toolkit, particularly for its ability to automate the process of database takeover through out-of-band connections.

== Usage ==

The tool was used in the 2015 data breach of TalkTalk. In 2016, the Illinois Board of Election was breached using the tool, combined with Acunetix and DirBuster.
