How to Install and run Sqlmap on Windows

By | July 29, 2020

Sqlmap is the most popular tool for automated exploitation of sql injection vulnerability and database takeover. Its written in python is cross platform.

If you are using Backtrack then sqlmap comes pre packaged in it. In this post I am going to show you the simple process to setup and run sqlmap on windows.

1. Download and install Python

Since sqlmap is written in python, the first thing you need is the python interpreter. Download the python interpreter from https://www.python.org/.

Windows installers can be found here:
https://www.python.org/downloads/windows/

There are two series of python, 2.7.x and 3.3.x. Sqlmap should run fine with either.
So download and install it.

2. Download and install Sqlmap

Next download the sqlmap zip file from sqlmap.org.
Extract the zip files in any directory.

Launch the dos prompt and navigate to the directory of sqlmap. Now run the sqlmap.py script with the python interpreter.

C:\sqlmapproject-sqlmap-2defc30>python ./sqlmap.py
Usage: ./sqlmap.py [options]

sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wiza
rd, --update, --purge-output or --dependencies), use -h for basic or -hh for adv
anced help

Press Enter to continue...

That was easy! Sqlmap is asking for some parameters so that it can hack something.

Conclusion

Now that you have finished installing sqlmap and are ready to run it, you might want to read some tutorial on how to use sqlmap. Check out the following post:

https://www.binarytides.com/sqlmap-hacking-tutorial/

The source code of Sqlmap is hosted on github. Check it out here:
https://github.com/sqlmapproject/sqlmap

About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].

19 Comments

How to Install and run Sqlmap on Windows
  1. mariana

    c:\>\sqlmapproject-sqlmap-2defc30>python ./sqlmap.py
    Access is denied.

    c:\>Usage: ./sqlmap.py [options]
    ‘Usage:’ is not recognized as an internal or external command,
    operable program or batch file.

    c:\>

  2. Alfred

    I have installed python ..I have extracted the file ive opened the sqlmap python file but then it says press enter to continue which I do and the tab just closes..I’ve tried many times same thing keeps happening I’m confused

    1. anthony

      you have to put sqlmap -u then the website example sqlmap -u http://www.usbank.com.php?id=4234 –dms –random-agent then enter otherwise it closes the cmd dont get why it does this on windows because linux keeps the terminal live untill you close it ! if you need info on setting your configurations just enter sqlmap –help for a full list of options!

  3. Nishant

    hi ,

    I am getting an issue in sqlmap.When i am downloading the file for sqlmap it is not showing the last two file i.e(sqlmap,sqlmapapi)with.exe exection .When I run whole process in cmd then it is not showing anything only taking the cursor to next line . Please help me out.

    1. Karthik

      Hi Nishant,

      install python first in any directory and download and install sqlmap in python directory then open desktop create shortcut for cmd and edit this path in properties (sqlmap location) then apply and ok then open this sqlmap cmd shortcut yay!! its open…………………….. then type ./sqlmap.py or sqlmap.py its confirm open.

  4. Scot

    YOu dumbass…you say sqlmap should work with either version of python. I downloaded 3.6 python and guess what? I got a CRITICAL ERROR,….INCOMPATIBLE VERSION OF PYTHON…DOWNLOAD 2.7 VERSION!

    So you don’t know WHAT THE FUCK YOU ARE TALKING ABOUT…..

  5. ERROR

    The instructions say 3.3 is ok where in fact it’s NOT!

    Error: For successfully running sqlmap you’ll have to use version 2.6 or 2.7 (visit ‘http://www.python.org/download/’)

    1. JAMMYS

      YOU MIS UNDERSTAND EVERYTHING. BOTH IS WORKING FINE. BUT 2.6 OR 2.7 FOR 64 BIT. WHY D OTHER ONE IS FOR 32BIT

  6. Kana

    It is still the case of installing Python 2.6 or 2.7:

    [CRITICAL] incompatible Python version detected (‘3.4.2’). For successfully running sqlmap you’ll have to use version 2.6 or 2.7 (visit ‘http://www.python.org/download/’)

    If you get the error “python is not recognized as internal or external command”: add the path to python.exe to the Windows environment variables Path

  7. Mr Ho3eiN

    i run sqlmap.py but show a error message:

    File “sqlmap.py”, line 104
    except SqlmapBaseException, ex:
    ^
    SyntaxError: invalid syntax

    What’s the problem ?
    Please reply

    1. erm3nda

      “except SqlmapBaseException, ex:”

      If syntax is wrong, then you used the wrong interpreter. Probably (SURE) you tried with Python3.
      Using tools REQUIRES read at least how to use. Doing those things without read docs could end in “shooting yourself into the foot”.

      simple google search: This makes sqlmap a cross-platform application which is independant of the operating system. sqlmap requires Python version 2.6.x or 2.7.x. To make it even…etc

      Particularily this is related to the except clause, that in python3 should be:
      except SqlmapBaseException as ex:

      From: http://www.python-course.eu/python3_exception_handling.php

    2. Phyxsco (XeProductions - CEO]

      when running pyton scripts via cmd you must gain super user privledges (root) + then navigate to the directory of python for example on linux distros you would use this
      root@kali$> “cd home/this-will/be path to you/sqlmap-directory/’
      so assuming it is sort of the same process,
      1. GAIN ROOT ALWAYS
      2. MAKE SURE YOU KNOW THE PATH DO THE SQLMAP DIR (ALSO EXTRACT IT IF ITS ZIP/RAR/7Zip
      3. NAVIGATE TO THE ABOVE LOCATION USING >cd home/root/downloads/sqlmap-win10exam
      4. If it put you in sqlmap direcotry or u notice a change in cd (current directory) on cmd… go ahead and use this it should work all things above ^ python.py sqlmap.py –wizard

Leave a Reply

Your email address will not be published. Required fields are marked *