diff --git a/packages.txt b/packages.txt
index 1d0f7d6c0cc..905f4538e0a 100644
--- a/packages.txt
+++ b/packages.txt
@@ -821,6 +821,7 @@ slirp4netns
 local-path-provisioner
 fuse-overlayfs
 fuse-overlayfs-snapshotter
+sqlmap
 kots
 upx
-k3s
+k3s
\ No newline at end of file
diff --git a/sqlmap.yaml b/sqlmap.yaml
new file mode 100644
index 00000000000..dcc45488273
--- /dev/null
+++ b/sqlmap.yaml
@@ -0,0 +1,37 @@
+package:
+  name: sqlmap
+  version: 1.7.6
+  epoch: 0
+  description: "a tool that automates the process of detecting and exploiting SQL injection flaws"
+  copyright:
+    - license: GPL-2.0
+  dependencies:
+    runtime:
+      - python3
+
+environment:
+  contents:
+    packages:
+      - python3
+      - busybox
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/sqlmapproject/sqlmap
+      tag: ${{package.version}}
+      expected-commit: 153a40bf137a9127265921bd6d8a3aca404d74bf
+      destination: sqlmap
+
+  - runs: |
+      mkdir -p "${{targets.destdir}}"/usr/share/app/sqlmap && mkdir -p "${{targets.destdir}}"/usr/bin
+      mv sqlmap/* "${{targets.destdir}}"/usr/share/app/sqlmap
+      ln -s /usr/share/app/sqlmap/sqlmap.py "${{targets.destdir}}"/usr/bin/sqlmap
+      find "${{targets.destdir}}"/usr/share/app/sqlmap \( -type d -name doc \) -exec rm -rf '{}' \+
+
+  - uses: strip
+
+update:
+  enabled: true
+  github:
+    identifier: sqlmapproject/sqlmap