Beginner's Guide to sqlmap

Learn how to find your first SQL injection with the popular and powerful sqlmap tool
Rating: 4.2 out of 5 (6 ratings)
1,638 students
English [Auto]
Learn what sqlmap is and how it's used to test web applications for SQL injection vulnerabilities
Learn how to download and install the latest version of sqlmap
Learn how to create a home lab environment to safely and legally attack web applications with SQL injections
Learn about some of the most useful options and configurations sqlmap has to offer for beginners
Find and exploit your first SQL injections with sqlmap
Learn how to enumerate vulnerable database information (such as database names, schema, tables, and data within those tables)
Learn how to use built-in password cracking functionality to extract and crack user passwords stored within vulnerable databases


  • Experience with SQL (you should know what SQL is)
  • Experience working with web applications (you should understand how apps use databases)
  • Experience working with databases (at least a high-level understanding of how databases work)
  • Knowledge of different database engines (ie: you should know what MySQL means)


About the course:

Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap.

In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database.

sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database.

This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration.


Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications by providing a safe learning environment.



My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications, learn how to use the cloud, and develop secure applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity. Fast-forward to today, and I've co-founded a fast-growing cybersecurity community, Cybr, that also provides training resources.

As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently, and how to develop more secure applications.

I've taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), SQL Injection Attacks, Introduction to OS Command Injections, Lambda Deep Dive, Backup Strategies, and others.

Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.

Digging deeper, it became clear that there was a lack of training for AppSec specifically. As we explore in the course, SQL injection vulnerabilities can be absolutely devastating when exploited, but preventing SQL injections is actually quite simple. So my goal with this course is to help you get started on your journey of learning the tools, techniques, and concepts to properly find injection vulnerabilities in your own applications (or your client's).

It's time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we'll do just that!

I welcome you on your journey to learning more about sqlmap, and I look forward to being your instructor!

Who this course is for:

  • Beginner web pentesters
  • Web developers
  • Application Security Engineers
  • Pentesters
  • Security Researchers
  • Database Administrators

Course content

4 sections9 lectures36m total length
  • About the course
  • About sqlmap
  • Pre-requisites


Co-Founder of Cybr, entrepreneur, and developer at heart
Christophe Limpalair
  • 4.6 Instructor Rating
  • 433 Reviews
  • 26,850 Students
  • 5 Courses

After writing his first lines of code at the age of 11, Christophe developed a passion for technology. Frustrated with the state & cost of education, he spent the last few years training individuals and organizations (SMB & F500) on how to use the cloud by pioneering hands-on training technologies. After his journey of building two successful IT businesses to acquisition in the last six years, he realized that most struggle with building secure software, so he co-founded Cybr to help make the world a more secure place through community and training.

We're here to help you build your cybersecurity career
Cybr Training
  • 4.6 Instructor Rating
  • 433 Reviews
  • 26,825 Students
  • 5 Courses

We are an online community and training platform, and we're here to help you build your cybersecurity career.

Cybr was founded in 2020 by veterans of the IT and training industries who have helped individuals learn new skills and get certified, and businesses deploy training initiatives across their organization.

We believe that the world can be a safer place through training and community, and we intend to carry out that mission one person at a time! Join us on this mission and build your cybersecurity career regardless of your current skill level.