sqlmap is an open source command-line automatic SQL injection
tool. Its goal is to detect and take advantage of SQL injection
vulnerabilities in web applications. Once it detects one or more
SQL injections on the target host, the user can choose among a
variety of options to perform an extensive back-end database
management system fingerprint, retrieve DBMS session user and
database, enumerate users, password hashes, privileges, databases,
dump entire or user's specified DBMS tables/columns, run his own
SQL statement, read or write either text or binary files on the
file system, execute arbitrary commands on the operating system,
establish an out-of-band stateful connection between the attacker
box and the database server via Metasploit payload stager, database
stored procedure buffer overflow exploitation or SMB relay attack
and more.
Read more https://packetstormsecurity.com/files/155079/sqlmap-1.3.11.tar.gz