/jump to repo

Repos Recent Bookmarks Watched Notes Tags Discover Compare Stats GitHub

Repository brief

sqlmapproject/sqlmap

Read the upstream summary on the left, browse the cached forks below it, and load each fork comparison into the right-hand panel.

Cached analysis

cached 2026-03-30T16:03:28.359Z

1mo ago

sqlmapproject/sqlmap

sqlmapproject/sqlmap is a large, active open source security tool for automating SQL injection detection, exploitation, and database takeover. It is widely used, with 36,957 stars and 6,235 forks, and it was updated on 2026-03-30. The repo ships a command-line Python tool, an API entrypoint, documentation, plugins, tamper scripts, and third-party code.

Loading tags...

Stars36,957

Forks6,235

Default branchmaster

Last pushed2026-03-30T08:59:48Z

Recommended shortcuts

Jump straight into Discofork's strongest cached fork picks, or open a compare view in one click.

Forks

Choose a fork to inspect

10 of 10 fork briefs

Maintenance:

Magnitude:

Sort:

Selected

Prefer this fork if you value the added local workflows and are comfortable owning upstream merges. Prefer upstream if you want the newest sqlmap support, especially recent DBMS coverage and fixes.

Prefer upstream unless you specifically need this fork's bundled data and custom exploit workflow. This fork is meaningfully stale and diverged, so it is better for users who want a maintained local snapshot than for users who want current sqlmap features and fixes.

Prefer this fork if your priority is bypass capability and prebuilt evasion workflows. Prefer upstream if you want the newest mainline sqlmap fixes, DBMS support, and broader maintenance cadence.

Prefer this fork if you want a customized sqlmap build with newer-runtime compatibility and extra bundled data/assets. Prefer upstream if you care more about staying current with ongoing fixes, new DBMS support, and lower merge risk.

Prefer upstream unless you explicitly want this fork's customized payload/data set and embedded tooling. This fork looks better for a legacy, self-maintained offensive workflow than for anyone who wants current sqlmap capabilities and active maintenance.

Choose this fork if you want a more customized sqlmap build with extra bundled attack assets and are comfortable accepting UI changes and upstream lag. Stay with upstream if you want the newest fixes, broader compatibility, and the least maintenance risk.

Prefer upstream unless you specifically need this fork's customized shell/payload resources or a frozen codebase. For most users, the stale state and removed UI paths make it a worse default choice than current sqlmap.

Choose upstream unless you specifically want this fork’s custom payload data and shell/backdoor workflow changes. It is materially stale, so it is better suited to controlled, legacy, or experimentation use than as a default production-grade sqlmap base.

Choose this fork only if the fixed download URL matters and you are comfortable being far behind upstream; otherwise upstream is the better default because it is much newer and more complete.

Prefer this fork only if you specifically want its customized payload/data and UI changes. If you want the most current, broadly supported sqlmap, upstream is the safer choice because this fork is stale and significantly diverged.

Fork comparison

gosirys/sqlmap

54/100

slowing

substantial

Prefer this fork if you value the added local workflows and are comfortable owning upstream merges. Prefer upstream if you want the newest sqlmap support, especially recent DBMS coverage and fixes.

Likely purpose

To keep sqlmap usable with a set of local fixes and offensive-security workflow additions, especially around hashing behavior, ICMP shell helpers, and command-execution tooling.

Best for

Penetration testers who want a patched sqlmap with local behavior changes.; Teams that rely on ICMP or command-execution helper workflows and are willing to maintain their own fork.; Users who prefer a pragmatic internal fork over tracking upstream exactly.

Additional features

`--disable-hashing` support for workflows that need to avoid hashing-related behavior.
Local changes around `extra/icmpsh` and `extra/runcmd`, which suggest added or adapted out-of-band command-execution and shell-transport workflows.
Repository-level cleanup such as line-ending normalization and indentation fixes, which make the fork easier to maintain in a constrained environment.
Introduces more operational workflow surface such as server-side handling, auth, session control, or admin tooling.

Missing features

It is 188 commits behind upstream, so it likely misses recent sqlmap fixes and new DBMS support, including the upstream Spanner DBMS work.
It appears to lag current upstream maintenance and bugfix cadence, so adopters should expect to merge upstream security and compatibility fixes themselves.
No evidence here that it keeps pace with upstream’s latest documentation and release-state updates.
Some upstream behavior appears to be removed, disabled, or intentionally stripped down in this fork.
Some upstream operational features such as auth, admin, or session handling may be reduced or absent.
It trails upstream by 188 commits, so some recent upstream features and fixes are likely not present yet.

Strengths

Some meaningful local hardening and usability work beyond a pure mirror.
Touches operationally relevant areas rather than only cosmetic changes.
Recent enough to suggest active use through late 2025.

Risks

Behind upstream by a nontrivial amount, which matters for a security tool.
Core changes are concentrated in `lib/core/common.py`, so merge conflicts are likely.
A custom fork can diverge from upstream behavior in ways that complicate support and upgrades.