Repository brief

sqlmapproject/sqlmap

Read the upstream summary on the left, browse the cached forks below it, and load each fork comparison into the right-hand panel.

Cached analysis

cached 2026-03-30T16:03:28.359Z

sqlmapproject/sqlmap

sqlmapproject/sqlmap is a large, active open source security tool for automating SQL injection detection, exploitation, and database takeover. It is widely used, with 36,957 stars and 6,235 forks, and it was updated on 2026-03-30. The repo ships a command-line Python tool, an API entrypoint, documentation, plugins, tamper scripts, and third-party code.

GitHub

Stars36,957

Forks6,235

Default branchmaster

Last pushed2026-03-30T08:59:48Z

Best maintainedNone

Closest to upstreamcybervaca/sqlmap

Most feature-richsantoshakil/sqlmap

Most opinionatedsantoshakil/sqlmap

Forks

Choose a fork to inspect

10 cached fork briefs

Fork comparison

gosirys/sqlmap

slowing

substantial

Prefer this fork if you value the added local workflows and are comfortable owning upstream merges. Prefer upstream if you want the newest sqlmap support, especially recent DBMS coverage and fixes.

Likely purpose

To keep sqlmap usable with a set of local fixes and offensive-security workflow additions, especially around hashing behavior, ICMP shell helpers, and command-execution tooling.

Best for

Penetration testers who want a patched sqlmap with local behavior changes.; Teams that rely on ICMP or command-execution helper workflows and are willing to maintain their own fork.; Users who prefer a pragmatic internal fork over tracking upstream exactly.

Additional features

`--disable-hashing` support for workflows that need to avoid hashing-related behavior.
Local changes around `extra/icmpsh` and `extra/runcmd`, which suggest added or adapted out-of-band command-execution and shell-transport workflows.
Repository-level cleanup such as line-ending normalization and indentation fixes, which make the fork easier to maintain in a constrained environment.
Introduces more operational workflow surface such as server-side handling, auth, session control, or admin tooling.

Missing features

It is 188 commits behind upstream, so it likely misses recent sqlmap fixes and new DBMS support, including the upstream Spanner DBMS work.
It appears to lag current upstream maintenance and bugfix cadence, so adopters should expect to merge upstream security and compatibility fixes themselves.
No evidence here that it keeps pace with upstream’s latest documentation and release-state updates.
Some upstream behavior appears to be removed, disabled, or intentionally stripped down in this fork.
Some upstream operational features such as auth, admin, or session handling may be reduced or absent.
It trails upstream by 188 commits, so some recent upstream features and fixes are likely not present yet.

Strengths

Some meaningful local hardening and usability work beyond a pure mirror.
Touches operationally relevant areas rather than only cosmetic changes.
Recent enough to suggest active use through late 2025.

Risks

Behind upstream by a nontrivial amount, which matters for a security tool.
Core changes are concentrated in `lib/core/common.py`, so merge conflicts are likely.
A custom fork can diverge from upstream behavior in ways that complicate support and upgrades.