I want to understand the deep theory behind sqlmap - the decision making of the programm - how is it done? Is there any public paper? (There is still an option to read and understand sqlmap code and use -vvv switch).
I'm searching for a visualisation of sqlmap's decision tree.
Note: I know how SQL injection works and I'm familiar with sqlmap's wiki.