Sqlmap calls itself an: Automatic SQL injection and database takeover tool. This is software that tests websites and databases by attacking it. Sqlmap is a Github-project and can be downloaded by every user. This means that users can test their own domains with Sqlmap, but can also attack other domains, as has happened in the past. If you find this bot and don't know its origins, it's users are probably maleficent. Sqlmap advises its users the following: Usage of sqlmap for attacking targets without prior mutual consent is illegal.
The Internet of Bots has evaluated Sqlmap against 50 different checkpoints, of which 14 have been confirmed as being positive. These checkpoints evaluate the transparency and occurrence of a bot and don´t necessarily say something about its quality. The BotRank is calculated as [14*2=] 28%. The details of the bot and the BotRank can be seen below. For more information on how the BotRank is made, you can visit the page Botrank.