# SQLMap AI Assistant
An AI-powered wrapper around SQLMap that makes SQL injection testing more accessible and automated.
## Features
- AI-assisted SQL injection testing
- Automated result analysis and next step suggestions
- User-friendly output and reporting
- **NEW: Adaptive step-by-step testing with DBMS-specific optimizations and WAF bypass**
- **NEW: Ollama support for local AI analysis**
<img src="sqlmap.gif"/>
## Quick Start
### Step 1: Install SQLMap AI
```bash
# Clone the repository
git clone https://github.com/atiilla/sqlmap-ai.git
cd sqlmap-ai
# Install the package
pip install -e .
# Run installation check (sets up SQLMap and creates config files)
sqlmap-ai --install-check
pip install sqlmap-ai
```
### Step 2: Configure AI Providers
Choose one or more AI providers to use:
#### Option A: Groq (Recommended - Fastest)
1. Get a free API key from [https://console.groq.com](https://console.groq.com)
2. Add to your `.env` file:
```bash
GROQ_API_KEY=your_groq_api_key_here
```
#### Option B: OpenAI
1. Get an API key from [https://platform.openai.com](https://platform.openai.com)
2. Add to your `.env` file:
```bash
OPENAI_API_KEY=your_openai_api_key_here
```
#### Option C: Anthropic (Claude)
1. Get an API key from [https://console.anthropic.com](https://console.anthropic.com)
2. Add to your `.env` file:
```bash
ANTHROPIC_API_KEY=your_anthropic_api_key_here
```
#### Option D: Ollama (Local AI - Privacy Focused)
1. Install Ollama: [https://ollama.ai/download](https://ollama.ai/download)
2. Start Ollama service:
```bash
ollama serve
```
3. Download a model:
```bash
ollama pull llama3.2
```
4. Enable in your `.env` file:
```bash
ENABLE_OLLAMA=true
OLLAMA_MODEL=llama3.2
```
### Step 3: Run Configuration Wizard
```bash
# Interactive setup
sqlmap-ai --config-wizard
```
This will:
- Check your AI provider setup
- Let you select Ollama models (if using Ollama)
- Configure security settings
- Set up SQLMap options
### Step 4: Test Your Setup
```bash
# Check if everything is working
sqlmap-ai --check-providers
# List available Ollama models (if using Ollama)
sqlmap-ai --list-ollama-models
```
## Usage Examples
### Basic SQL Injection Test
```bash
# Test a vulnerable website
sqlmap-ai -u "http://example.com/page.php?id=1"
# Use specific AI provider
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider groq
```
### HTTP Request File Testing (NEW!)
```bash
# Test using HTTP request capture file
sqlmap-ai -r request.txt
# Enhanced mode with request file and adaptive testing
sqlmap-ai --enhanced --adaptive -r request.txt
# With specific AI provider
sqlmap-ai --enhanced -r request.txt --ai-provider groq
# Simple mode with request file
sqlmap-ai --simple -r request.txt
```
**Request File Format:**
```http
POST /login.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
username=admin&password=test
```
**Creating Request Files:**
1. **From Browser Developer Tools:**
- Open Developer Tools (F12)
- Go to Network tab
- Perform the action you want to test
- Right-click the request → Copy → Copy as cURL
- Convert cURL to HTTP format
2. **From Burp Suite:**
- Intercept the request
- Right-click → Save item
- Save as .txt file
3. **From OWASP ZAP:**
- Right-click request → Export → HTTP Message
- Save as .txt file
**Supported Request Types:**
- [x] GET requests with parameters
- [x] POST requests with form data
- [x] POST requests with JSON data
- [x] Requests with cookies
- [x] Requests with custom headers
- [x] Multipart form data
### Advanced Testing
```bash
# Adaptive testing (recommended)
sqlmap-ai --adaptive
# Simple mode (basic SQLMap without AI)
sqlmap-ai --simple -u "http://example.com/page.php?id=1"
# Enhanced mode with custom options
sqlmap-ai --enhanced -u "http://example.com/page.php?id=1" --level 3 --risk 2
```
### AI Provider Selection
```bash
# Use Groq (fastest)
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider groq
# Use Ollama (local, private)
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider ollama
# Use OpenAI
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider openai
# Auto-select best available
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider auto
```
### Complete Testing Workflow
```bash
# 1. Basic scan with URL
sqlmap-ai -u "http://example.com/page.php?id=1"
# 2. Enhanced scan with request file
sqlmap-ai --enhanced --adaptive -r captured_request.txt
# 3. Advanced scan with custom options
sqlmap-ai --enhanced -r request.txt --level 4 --risk 3 --threads 10
# 4. Simple mode for quick testing
sqlmap-ai --simple -r request.txt --batch
```
## Testing Modes
### Enhanced Mode (Default)
Full AI-powered testing with advanced features:
```bash
# Basic enhanced scan
sqlmap-ai --enhanced -u "http://example.com/page.php?id=1"
# With request file
sqlmap-ai --enhanced -r request.txt
# Adaptive testing with AI analysis
sqlmap-ai --enhanced --adaptive -r request.txt --ai-provider groq
```
**Features:**
- AI-powered vulnerability analysis
- Adaptive testing strategies
- WAF evasion techniques
- Beautiful HTML reports
- Risk assessment and remediation guidance
- Interactive CLI with progress tracking
- Multiple AI providers (Groq, OpenAI, Anthropic, Ollama)
- Advanced configuration management
- Request file support (NEW!)
### Simple Mode
Basic SQL injection testing without AI features:
```bash
# Basic simple scan
sqlmap-ai --simple -u "http://example.com/page.php?id=1"
# With request file
sqlmap-ai --simple -r request.txt
# Quick batch mode
sqlmap-ai --simple -r request.txt --batch
```
**Features:**
- Basic SQL injection detection
- Standard SQLMap functionality
- Minimal dependencies
- Fast execution
- Request file support (NEW!)
- Simple text output
- Basic result saving
### Adaptive Mode
Intelligent step-by-step testing that adapts to the target:
```bash
# Full adaptive testing
sqlmap-ai --enhanced --adaptive -r request.txt
# With specific AI provider
sqlmap-ai --enhanced --adaptive -r request.txt --ai-provider groq
```
**Adaptive Steps:**
1. **🟢 Initial Assessment** - Check for SQL injection vulnerabilities
2. **🟠 DBMS Identification** - Detect database type (MySQL, PostgreSQL, etc.)
3. **🔴 Enhanced Testing** - Try more aggressive techniques
4. **🟣 Data Extraction** - Extract valuable data from identified tables
5. **🤖 AI Analysis** - Get AI recommendations for next steps
## AI Providers Comparison
| Provider | Setup | Speed | Privacy | Cost |
|----------|-------|-------|---------|------|
| **Groq** | API Key | ⚡ Fastest | Cloud | Free tier available |
| **OpenAI** | API Key | ⚡ Fast | Cloud | Pay per use |
| **Anthropic** | API Key | ⚡ Fast | Cloud | Pay per use |
| **Ollama** | Local install | Fast | 🔒 Local | Free |
## Configuration Files
### .env File
Created automatically by `sqlmap-ai --install-check`:
```bash
# AI Provider API Keys
GROQ_API_KEY=your_groq_api_key_here
OPENAI_API_KEY=your_openai_api_key_here
ANTHROPIC_API_KEY=your_anthropic_api_key_here
# Ollama Settings (if using local AI)
ENABLE_OLLAMA=false
OLLAMA_BASE_URL=http://localhost:11434
OLLAMA_MODEL=llama3.2
# Security Settings
MAX_REQUESTS_PER_MINUTE=60
SAFE_MODE=true
AUDIT_LOGGING=true
```
### config.yaml
Created automatically by `sqlmap-ai --config-wizard`:
```yaml
version: "2.0"
security:
safe_mode: true
max_requests_per_minute: 60
audit_logging: true
sqlmap:
default_timeout: 120
default_risk: 1
default_level: 1
default_threads: 5
ui:
show_banner: true
interactive_mode: false
```
## Troubleshooting
### Common Issues
**1. "No AI providers available"**
- Check your `.env` file has correct API keys
- Run `sqlmap-ai --check-providers` to verify
**2. "Ollama not detected"**
- Make sure Ollama is running: `ollama serve`
- Check if models are installed: `ollama list`
- Verify `.env` has `ENABLE_OLLAMA=true`
**3. "SQLMap not found"**
- Run `sqlmap-ai --install-check` to install SQLMap
- Or install manually: `pip install sqlmap`
**4. "Configuration issues"**
- Run `sqlmap-ai --config-wizard` to fix setup
- Check `sqlmap-ai --validate-config` for issues
**5. "Request file not working"**
- Ensure request file has proper HTTP format
- Check that Host header is present
- Verify request file path is correct
- Try with `--simple` mode first: `sqlmap-ai --simple -r request.txt`
**6. "URL validation failed"**
- When using request files, the URL is automatically extracted
- Ensure request file contains valid HTTP request
- Check that the Host header matches the target domain
### Getting Help
```bash
# Show all available commands
sqlmap-ai --help
# Show enhanced mode help
sqlmap-ai --enhanced --help
# Show simple mode help
sqlmap-ai --simple --help
```
## Advanced Features
### Adaptive Testing Mode
Automatically adapts testing strategy based on target:
```bash
sqlmap-ai --adaptive
```
This mode:
1. **Initial Assessment** - Check for SQL injection vulnerabilities
2. **DBMS Identification** - Detect database type
3. **DBMS-Specific Attacks** - Use optimized techniques
4. **WAF Bypass** - Automatically select tamper scripts
5. **Data Extraction** - Extract sensitive information
6. **Alternative Testing** - Test POST, cookies, headers
### Ollama Model Selection
If using Ollama, you can select different models:
```bash
# List available models
sqlmap-ai --list-ollama-models
# Interactive model selection
sqlmap-ai --config-wizard
```
Popular models:
- **llama3.2** - Good general performance
- **codellama** - Specialized for code analysis
- **mistral** - Fast and efficient
- **qwen2.5** - Good reasoning capabilities
### Result:
```json
{
"timestamp": 1755896586,
"scan_info": {
"vulnerable_parameters": [
"cat"
],
"techniques": [
"MySQL"
],
"databases": [],
"tables": [],
"columns": {},
"dbms": "back-end DBMS: MySQL >= 5.6",
"os": "Unknown",
"waf_detected": false,
"web_app": [],
"payloads": [],
"raw_result": "[+] the following parameters are vulnerable to SQL injection:\n Parameter: cat (GET)\n[+] back-end DBMS: back-end DBMS: MySQL >= 5.6\n[+] banner: 8.0.22-0ubuntu0.20.04.2",
"url": "",
"extracted": {}
},
"scan_history": [
{
"step": "initial_reconnaissance",
"command": "sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --fingerprint --dbs",
"result": {
"vulnerable_parameters": [
"cat"
],
"techniques": [
"MySQL"
],
"databases": [
"acuart",
"information_schema"
],
"tables": [],
"columns": {},
"dbms": "back-end DBMS: MySQL >= 5.6",
"os": "Unknown",
"waf_detected": false,
"web_app": [],
"payloads": [],
"raw_result": "[+] the following parameters are vulnerable to SQL injection:\n Parameter: cat (GET)\n[+] back-end DBMS: back-end DBMS: MySQL >= 5.6\n[+] banner: 8.0.22-0ubuntu0.20.04.2\n[+] available databases [2]:\n[*] acuart\n[*] information_schema",
"url": "",
"extracted": {}
}
},
{
"step": "follow_up_scan",
"command": "sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 ['-D acuart --tables', '-D acuart --columns', '-D acuart -T users --dump']",
"result": {
"vulnerable_parameters": [
"cat"
],
"techniques": [
"MySQL"
],
"databases": [],
"tables": [],
"columns": {},
"dbms": "back-end DBMS: MySQL >= 5.6",
"os": "Unknown",
"waf_detected": false,
"web_app": [],
"payloads": [],
"raw_result": "[+] the following parameters are vulnerable to SQL injection:\n Parameter: cat (GET)\n[+] back-end DBMS: back-end DBMS: MySQL >= 5.6\n[+] banner: 8.0.22-0ubuntu0.20.04.2",
"url": "",
"extracted": {}
}
}
]
}
```
## Requirements
- Python 3.8+
- SQLMap (installed automatically)
- Internet connection (for cloud AI providers)
- 2GB+ RAM (for Ollama local models)
## License
This project is licensed under the MIT License.
## Disclaimer
This tool is intended for educational and ethical hacking purposes only. Always obtain permission before testing any system or application. The developers are not responsible for any misuse or damage caused by this tool.
## Star History
[](https://www.star-history.com/#atiilla/sqlmap-ai&Date)
Raw data
{
"_id": null,
"home_page": "https://github.com/atiilla/sqlmap-ai",
"name": "sqlmap-ai",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Atilla <attilla@tuta.io>",
"keywords": "sqlmap, sql-injection, security, ai, penetration-testing, cybersecurity",
"author": "Atilla",
"author_email": "Atilla <attilla@tuta.io>",
"download_url": "https://files.pythonhosted.org/packages/de/20/557964f063ef13b13f795c8d32276457d2ea421c558041831232b2028f9c/sqlmap_ai-2.0.2.tar.gz",
"platform": null,
"description": "# SQLMap AI Assistant\r\n\r\nAn AI-powered wrapper around SQLMap that makes SQL injection testing more accessible and automated.\r\n\r\n## Features\r\n\r\n- AI-assisted SQL injection testing\r\n- Automated result analysis and next step suggestions\r\n- User-friendly output and reporting\r\n- **NEW: Adaptive step-by-step testing with DBMS-specific optimizations and WAF bypass**\r\n- **NEW: Ollama support for local AI analysis**\r\n\r\n<img src=\"sqlmap.gif\"/>\r\n\r\n## Quick Start\r\n\r\n### Step 1: Install SQLMap AI\r\n\r\n```bash\r\n# Clone the repository\r\ngit clone https://github.com/atiilla/sqlmap-ai.git\r\ncd sqlmap-ai\r\n\r\n# Install the package\r\npip install -e .\r\n\r\n# Run installation check (sets up SQLMap and creates config files)\r\nsqlmap-ai --install-check\r\n\r\npip install sqlmap-ai\r\n```\r\n\r\n### Step 2: Configure AI Providers\r\n\r\nChoose one or more AI providers to use:\r\n\r\n#### Option A: Groq (Recommended - Fastest)\r\n1. Get a free API key from [https://console.groq.com](https://console.groq.com)\r\n2. Add to your `.env` file:\r\n```bash\r\nGROQ_API_KEY=your_groq_api_key_here\r\n```\r\n\r\n#### Option B: OpenAI\r\n1. Get an API key from [https://platform.openai.com](https://platform.openai.com)\r\n2. Add to your `.env` file:\r\n```bash\r\nOPENAI_API_KEY=your_openai_api_key_here\r\n```\r\n\r\n#### Option C: Anthropic (Claude)\r\n1. Get an API key from [https://console.anthropic.com](https://console.anthropic.com)\r\n2. Add to your `.env` file:\r\n```bash\r\nANTHROPIC_API_KEY=your_anthropic_api_key_here\r\n```\r\n\r\n#### Option D: Ollama (Local AI - Privacy Focused)\r\n1. Install Ollama: [https://ollama.ai/download](https://ollama.ai/download)\r\n2. Start Ollama service:\r\n```bash\r\nollama serve\r\n```\r\n3. Download a model:\r\n```bash\r\nollama pull llama3.2\r\n```\r\n4. Enable in your `.env` file:\r\n```bash\r\nENABLE_OLLAMA=true\r\nOLLAMA_MODEL=llama3.2\r\n```\r\n\r\n### Step 3: Run Configuration Wizard\r\n\r\n```bash\r\n# Interactive setup\r\nsqlmap-ai --config-wizard\r\n```\r\n\r\nThis will:\r\n- Check your AI provider setup\r\n- Let you select Ollama models (if using Ollama)\r\n- Configure security settings\r\n- Set up SQLMap options\r\n\r\n### Step 4: Test Your Setup\r\n\r\n```bash\r\n# Check if everything is working\r\nsqlmap-ai --check-providers\r\n\r\n# List available Ollama models (if using Ollama)\r\nsqlmap-ai --list-ollama-models\r\n```\r\n\r\n## Usage Examples\r\n\r\n### Basic SQL Injection Test\r\n\r\n```bash\r\n# Test a vulnerable website\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\"\r\n\r\n# Use specific AI provider\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\" --ai-provider groq\r\n```\r\n\r\n### HTTP Request File Testing (NEW!)\r\n\r\n```bash\r\n# Test using HTTP request capture file\r\nsqlmap-ai -r request.txt\r\n\r\n# Enhanced mode with request file and adaptive testing\r\nsqlmap-ai --enhanced --adaptive -r request.txt\r\n\r\n# With specific AI provider\r\nsqlmap-ai --enhanced -r request.txt --ai-provider groq\r\n\r\n# Simple mode with request file\r\nsqlmap-ai --simple -r request.txt\r\n```\r\n\r\n**Request File Format:**\r\n```http\r\nPOST /login.php HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 38\r\n\r\nusername=admin&password=test\r\n```\r\n\r\n**Creating Request Files:**\r\n\r\n1. **From Browser Developer Tools:**\r\n - Open Developer Tools (F12)\r\n - Go to Network tab\r\n - Perform the action you want to test\r\n - Right-click the request \u2192 Copy \u2192 Copy as cURL\r\n - Convert cURL to HTTP format\r\n\r\n2. **From Burp Suite:**\r\n - Intercept the request\r\n - Right-click \u2192 Save item\r\n - Save as .txt file\r\n\r\n3. **From OWASP ZAP:**\r\n - Right-click request \u2192 Export \u2192 HTTP Message\r\n - Save as .txt file\r\n\r\n**Supported Request Types:**\r\n - [x] GET requests with parameters\r\n - [x] POST requests with form data\r\n - [x] POST requests with JSON data\r\n - [x] Requests with cookies\r\n - [x] Requests with custom headers\r\n - [x] Multipart form data\r\n\r\n### Advanced Testing\r\n\r\n```bash\r\n# Adaptive testing (recommended)\r\nsqlmap-ai --adaptive\r\n\r\n# Simple mode (basic SQLMap without AI)\r\nsqlmap-ai --simple -u \"http://example.com/page.php?id=1\"\r\n\r\n# Enhanced mode with custom options\r\nsqlmap-ai --enhanced -u \"http://example.com/page.php?id=1\" --level 3 --risk 2\r\n```\r\n\r\n### AI Provider Selection\r\n\r\n```bash\r\n# Use Groq (fastest)\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\" --ai-provider groq\r\n\r\n# Use Ollama (local, private)\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\" --ai-provider ollama\r\n\r\n# Use OpenAI\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\" --ai-provider openai\r\n\r\n# Auto-select best available\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\" --ai-provider auto\r\n```\r\n\r\n### Complete Testing Workflow\r\n\r\n```bash\r\n# 1. Basic scan with URL\r\nsqlmap-ai -u \"http://example.com/page.php?id=1\"\r\n\r\n# 2. Enhanced scan with request file\r\nsqlmap-ai --enhanced --adaptive -r captured_request.txt\r\n\r\n# 3. Advanced scan with custom options\r\nsqlmap-ai --enhanced -r request.txt --level 4 --risk 3 --threads 10\r\n\r\n# 4. Simple mode for quick testing\r\nsqlmap-ai --simple -r request.txt --batch\r\n```\r\n\r\n## Testing Modes\r\n\r\n### Enhanced Mode (Default)\r\nFull AI-powered testing with advanced features:\r\n\r\n```bash\r\n# Basic enhanced scan\r\nsqlmap-ai --enhanced -u \"http://example.com/page.php?id=1\"\r\n\r\n# With request file\r\nsqlmap-ai --enhanced -r request.txt\r\n\r\n# Adaptive testing with AI analysis\r\nsqlmap-ai --enhanced --adaptive -r request.txt --ai-provider groq\r\n```\r\n\r\n**Features:**\r\n- AI-powered vulnerability analysis\r\n- Adaptive testing strategies\r\n- WAF evasion techniques\r\n- Beautiful HTML reports\r\n- Risk assessment and remediation guidance\r\n- Interactive CLI with progress tracking\r\n- Multiple AI providers (Groq, OpenAI, Anthropic, Ollama)\r\n- Advanced configuration management\r\n- Request file support (NEW!)\r\n\r\n### Simple Mode\r\nBasic SQL injection testing without AI features:\r\n\r\n```bash\r\n# Basic simple scan\r\nsqlmap-ai --simple -u \"http://example.com/page.php?id=1\"\r\n\r\n# With request file\r\nsqlmap-ai --simple -r request.txt\r\n\r\n# Quick batch mode\r\nsqlmap-ai --simple -r request.txt --batch\r\n```\r\n\r\n**Features:**\r\n- Basic SQL injection detection\r\n- Standard SQLMap functionality\r\n- Minimal dependencies\r\n- Fast execution\r\n- Request file support (NEW!)\r\n- Simple text output\r\n- Basic result saving\r\n\r\n### Adaptive Mode\r\nIntelligent step-by-step testing that adapts to the target:\r\n\r\n```bash\r\n# Full adaptive testing\r\nsqlmap-ai --enhanced --adaptive -r request.txt\r\n\r\n# With specific AI provider\r\nsqlmap-ai --enhanced --adaptive -r request.txt --ai-provider groq\r\n```\r\n\r\n**Adaptive Steps:**\r\n1. **\ud83d\udfe2 Initial Assessment** - Check for SQL injection vulnerabilities\r\n2. **\ud83d\udfe0 DBMS Identification** - Detect database type (MySQL, PostgreSQL, etc.)\r\n3. **\ud83d\udd34 Enhanced Testing** - Try more aggressive techniques\r\n4. **\ud83d\udfe3 Data Extraction** - Extract valuable data from identified tables\r\n5. **\ud83e\udd16 AI Analysis** - Get AI recommendations for next steps\r\n\r\n## AI Providers Comparison\r\n\r\n| Provider | Setup | Speed | Privacy | Cost |\r\n|----------|-------|-------|---------|------|\r\n| **Groq** | API Key | \u26a1 Fastest | Cloud | Free tier available |\r\n| **OpenAI** | API Key | \u26a1 Fast | Cloud | Pay per use |\r\n| **Anthropic** | API Key | \u26a1 Fast | Cloud | Pay per use |\r\n| **Ollama** | Local install | Fast | \ud83d\udd12 Local | Free |\r\n\r\n## Configuration Files\r\n\r\n### .env File\r\nCreated automatically by `sqlmap-ai --install-check`:\r\n\r\n```bash\r\n# AI Provider API Keys\r\nGROQ_API_KEY=your_groq_api_key_here\r\nOPENAI_API_KEY=your_openai_api_key_here\r\nANTHROPIC_API_KEY=your_anthropic_api_key_here\r\n\r\n# Ollama Settings (if using local AI)\r\nENABLE_OLLAMA=false\r\nOLLAMA_BASE_URL=http://localhost:11434\r\nOLLAMA_MODEL=llama3.2\r\n\r\n# Security Settings\r\nMAX_REQUESTS_PER_MINUTE=60\r\nSAFE_MODE=true\r\nAUDIT_LOGGING=true\r\n```\r\n\r\n### config.yaml\r\nCreated automatically by `sqlmap-ai --config-wizard`:\r\n\r\n```yaml\r\nversion: \"2.0\"\r\nsecurity:\r\n safe_mode: true\r\n max_requests_per_minute: 60\r\n audit_logging: true\r\n\r\nsqlmap:\r\n default_timeout: 120\r\n default_risk: 1\r\n default_level: 1\r\n default_threads: 5\r\n\r\nui:\r\n show_banner: true\r\n interactive_mode: false\r\n```\r\n\r\n## Troubleshooting\r\n\r\n### Common Issues\r\n\r\n**1. \"No AI providers available\"**\r\n- Check your `.env` file has correct API keys\r\n- Run `sqlmap-ai --check-providers` to verify\r\n\r\n**2. \"Ollama not detected\"**\r\n- Make sure Ollama is running: `ollama serve`\r\n- Check if models are installed: `ollama list`\r\n- Verify `.env` has `ENABLE_OLLAMA=true`\r\n\r\n**3. \"SQLMap not found\"**\r\n- Run `sqlmap-ai --install-check` to install SQLMap\r\n- Or install manually: `pip install sqlmap`\r\n\r\n**4. \"Configuration issues\"**\r\n- Run `sqlmap-ai --config-wizard` to fix setup\r\n- Check `sqlmap-ai --validate-config` for issues\r\n\r\n**5. \"Request file not working\"**\r\n- Ensure request file has proper HTTP format\r\n- Check that Host header is present\r\n- Verify request file path is correct\r\n- Try with `--simple` mode first: `sqlmap-ai --simple -r request.txt`\r\n\r\n**6. \"URL validation failed\"**\r\n- When using request files, the URL is automatically extracted\r\n- Ensure request file contains valid HTTP request\r\n- Check that the Host header matches the target domain\r\n\r\n### Getting Help\r\n\r\n```bash\r\n# Show all available commands\r\nsqlmap-ai --help\r\n\r\n# Show enhanced mode help\r\nsqlmap-ai --enhanced --help\r\n\r\n# Show simple mode help\r\nsqlmap-ai --simple --help\r\n```\r\n\r\n## Advanced Features\r\n\r\n### Adaptive Testing Mode\r\nAutomatically adapts testing strategy based on target:\r\n\r\n```bash\r\nsqlmap-ai --adaptive\r\n```\r\n\r\nThis mode:\r\n1. **Initial Assessment** - Check for SQL injection vulnerabilities\r\n2. **DBMS Identification** - Detect database type\r\n3. **DBMS-Specific Attacks** - Use optimized techniques\r\n4. **WAF Bypass** - Automatically select tamper scripts\r\n5. **Data Extraction** - Extract sensitive information\r\n6. **Alternative Testing** - Test POST, cookies, headers\r\n\r\n### Ollama Model Selection\r\n\r\nIf using Ollama, you can select different models:\r\n\r\n```bash\r\n# List available models\r\nsqlmap-ai --list-ollama-models\r\n\r\n# Interactive model selection\r\nsqlmap-ai --config-wizard\r\n```\r\n\r\nPopular models:\r\n- **llama3.2** - Good general performance\r\n- **codellama** - Specialized for code analysis\r\n- **mistral** - Fast and efficient\r\n- **qwen2.5** - Good reasoning capabilities\r\n\r\n### Result:\r\n```json\r\n{\r\n \"timestamp\": 1755896586,\r\n \"scan_info\": {\r\n \"vulnerable_parameters\": [\r\n \"cat\"\r\n ],\r\n \"techniques\": [\r\n \"MySQL\"\r\n ],\r\n \"databases\": [],\r\n \"tables\": [],\r\n \"columns\": {},\r\n \"dbms\": \"back-end DBMS: MySQL >= 5.6\",\r\n \"os\": \"Unknown\",\r\n \"waf_detected\": false,\r\n \"web_app\": [],\r\n \"payloads\": [],\r\n \"raw_result\": \"[+] the following parameters are vulnerable to SQL injection:\\n Parameter: cat (GET)\\n[+] back-end DBMS: back-end DBMS: MySQL >= 5.6\\n[+] banner: 8.0.22-0ubuntu0.20.04.2\",\r\n \"url\": \"\",\r\n \"extracted\": {}\r\n },\r\n \"scan_history\": [\r\n {\r\n \"step\": \"initial_reconnaissance\",\r\n \"command\": \"sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --fingerprint --dbs\",\r\n \"result\": {\r\n \"vulnerable_parameters\": [\r\n \"cat\"\r\n ],\r\n \"techniques\": [\r\n \"MySQL\"\r\n ],\r\n \"databases\": [\r\n \"acuart\",\r\n \"information_schema\"\r\n ],\r\n \"tables\": [],\r\n \"columns\": {},\r\n \"dbms\": \"back-end DBMS: MySQL >= 5.6\",\r\n \"os\": \"Unknown\",\r\n \"waf_detected\": false,\r\n \"web_app\": [],\r\n \"payloads\": [],\r\n \"raw_result\": \"[+] the following parameters are vulnerable to SQL injection:\\n Parameter: cat (GET)\\n[+] back-end DBMS: back-end DBMS: MySQL >= 5.6\\n[+] banner: 8.0.22-0ubuntu0.20.04.2\\n[+] available databases [2]:\\n[*] acuart\\n[*] information_schema\",\r\n \"url\": \"\",\r\n \"extracted\": {}\r\n }\r\n },\r\n {\r\n \"step\": \"follow_up_scan\",\r\n \"command\": \"sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 ['-D acuart --tables', '-D acuart --columns', '-D acuart -T users --dump']\",\r\n \"result\": {\r\n \"vulnerable_parameters\": [\r\n \"cat\"\r\n ],\r\n \"techniques\": [\r\n \"MySQL\"\r\n ],\r\n \"databases\": [],\r\n \"tables\": [],\r\n \"columns\": {},\r\n \"dbms\": \"back-end DBMS: MySQL >= 5.6\",\r\n \"os\": \"Unknown\",\r\n \"waf_detected\": false,\r\n \"web_app\": [],\r\n \"payloads\": [],\r\n \"raw_result\": \"[+] the following parameters are vulnerable to SQL injection:\\n Parameter: cat (GET)\\n[+] back-end DBMS: back-end DBMS: MySQL >= 5.6\\n[+] banner: 8.0.22-0ubuntu0.20.04.2\",\r\n \"url\": \"\",\r\n \"extracted\": {}\r\n }\r\n }\r\n ]\r\n}\r\n```\r\n\r\n## Requirements\r\n\r\n- Python 3.8+\r\n- SQLMap (installed automatically)\r\n- Internet connection (for cloud AI providers)\r\n- 2GB+ RAM (for Ollama local models)\r\n\r\n## License\r\n\r\nThis project is licensed under the MIT License.\r\n\r\n## Disclaimer\r\n\r\nThis tool is intended for educational and ethical hacking purposes only. Always obtain permission before testing any system or application. The developers are not responsible for any misuse or damage caused by this tool.\r\n\r\n## Star History\r\n\r\n[](https://www.star-history.com/#atiilla/sqlmap-ai&Date) \r\n",
"bugtrack_url": null,
"license": null,
"summary": "AI-powered SQL injection testing tool with multiple AI providers",
"version": "2.0.2",
"project_urls": {
"Documentation": "https://github.com/atiilla/sqlmap-ai#readme",
"Homepage": "https://github.com/atiilla/sqlmap-ai",
"Issues": "https://github.com/atiilla/sqlmap-ai/issues",
"Repository": "https://github.com/atiilla/sqlmap-ai.git"
},
"split_keywords": [
"sqlmap",
" sql-injection",
" security",
" ai",
" penetration-testing",
" cybersecurity"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "aff9f4ddaa1e0c5019c8b4c62d4466aa6ddce100342f5a55f201831593b34d2e",
"md5": "70435c5a5dfbae8d81af00947808f6db",
"sha256": "1eae09d6e2d5e6da95b6de7d28f0b309f89ff3219cfadc154cc1763d18b71b89"
},
"downloads": -1,
"filename": "sqlmap_ai-2.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "70435c5a5dfbae8d81af00947808f6db",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 80867,
"upload_time": "2025-08-25T22:02:05",
"upload_time_iso_8601": "2025-08-25T22:02:05.960028Z",
"url": "https://files.pythonhosted.org/packages/af/f9/f4ddaa1e0c5019c8b4c62d4466aa6ddce100342f5a55f201831593b34d2e/sqlmap_ai-2.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "de20557964f063ef13b13f795c8d32276457d2ea421c558041831232b2028f9c",
"md5": "1a9bc8d5ba11193db8d0f2ae38bb8286",
"sha256": "f70daccc88b0d1164d9cf60ae40292fddd112acdb783c637b90ba156f1ae7f37"
},
"downloads": -1,
"filename": "sqlmap_ai-2.0.2.tar.gz",
"has_sig": false,
"md5_digest": "1a9bc8d5ba11193db8d0f2ae38bb8286",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 83608,
"upload_time": "2025-08-25T22:02:07",
"upload_time_iso_8601": "2025-08-25T22:02:07.658433Z",
"url": "https://files.pythonhosted.org/packages/de/20/557964f063ef13b13f795c8d32276457d2ea421c558041831232b2028f9c/sqlmap_ai-2.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-25 22:02:07",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "atiilla",
"github_project": "sqlmap-ai",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "python-dotenv",
"specs": [
[
">=",
"1.0.0"
]
]
},
{
"name": "groq",
"specs": [
[
">=",
"0.4.0"
]
]
},
{
"name": "requests",
"specs": [
[
">=",
"2.31.0"
]
]
},
{
"name": "colorama",
"specs": [
[
">=",
"0.4.6"
]
]
},
{
"name": "openai",
"specs": [
[
">=",
"1.3.0"
]
]
},
{
"name": "anthropic",
"specs": [
[
">=",
"0.8.0"
]
]
},
{
"name": "pyyaml",
"specs": [
[
">=",
"6.0.1"
]
]
},
{
"name": "rich",
"specs": [
[
">=",
"13.0.0"
]
]
},
{
"name": "jinja2",
"specs": [
[
">=",
"3.1.2"
]
]
},
{
"name": "cryptography",
"specs": [
[
">=",
"3.4.0"
]
]
}
],
"lcname": "sqlmap-ai"
}
JSON
