sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap是一款开源的注入工具，支持几乎所有的数据库，支持get/post/cookie注入，支持错误回显注入/盲注，还有其他多种注入方法。 支持代理，指纹识别技术判断数据库 。 本文提供的是GUI界面的SqlMap。 http://code.google.com/p/gui-for-sqlmap/   汉化版sqm(SqlmapGUI) http://down.qiannao.com/space/file/qiannao/share/2012/3/29/sqm_f4ck.tar/.page 使用方法： 进入pyttk-0.3-py3k目录，执行如下语句安装ttk模块：sudo python setup.py install 将sqm.pyw和cfg_dir拷贝到与sqlmap同一目录下，执行命令   感谢会员gmwshz投递