mirror of
https://github.com/atiilla/sqlmap-ai.git
synced 2026-04-27 00:25:52 +03:00
This script automates SQL injection testing using SQLMap with AI-powered decision making.
- Updated `extract_dumped_data` regex to handle table data more effectively.
- Switched to `waitress` for the SQLMap API server to ensure compatibility with Python 3.13+.
- Improved handling of request files, distinguishing between Burp XML logs and raw HTTP requests.
- Added support for additional command-line options in the SQLMap API Runner.
- Implemented utility methods to safely convert string representations to lists and dictionaries.
- Enhanced output formatting for API data, including better handling of database and table dumps.
- Introduced a new test file for Burp XML log format to validate the changes.
Repository contents:
- docs
- sqlmap_ai
- tests
- utils
- .env.template
- .gitignore
- .sqlmap_ai_first_run
- config.yaml
- LICENSE
- mkdocs.yml
- pyproject.toml
- README.md
- requirements.txt
- setup.py
- sqlmap.gif
- testphp.txt
- testphp_login.txt
SQLMap AI Assistant
An AI-powered wrapper around SQLMap that makes SQL injection testing more accessible and automated.
Features
Core Features
- AI-Assisted Testing - Intelligent vulnerability analysis and recommendations
- Adaptive Testing - Step-by-step testing that adapts to target responses
- Enhanced HTML Reports - Beautiful, detailed reports with vulnerability details
- Parameter Targeting - Test specific parameters with `-p` option (like original SQLMap)
- WAF Bypass - Automatic tamper script selection for firewall evasion
- Database Enumeration - Complete database, table, and column discovery
- Request File Support - Test from Burp Suite, ZAP, or browser captures
AI Providers
- Groq - Fastest AI analysis (recommended)
- DeepSeek - Affordable and capable analysis
- OpenAI - GPT-4 powered analysis
- Anthropic Claude - Advanced reasoning
- Ollama - Local, private AI (no cloud required)
New in v2.0.6
- Private Network Scanning - Local/private IP targets now allowed by default
- Configurable Network Policy - New `allow_private_networks` security setting
- Improved Test Coverage - Added dedicated tests for private network validation
See the full Changelog for previous versions.
Quick Start
1. Install SQLMap:

```bash
sudo apt install sqlmap   # Debian/Ubuntu/Kali
brew install sqlmap       # macOS
```

2. Install SQLMap AI:

```bash
pip install sqlmap-ai
sqlmap-ai --install-check
```

3. Set an API key in your `.env` file (e.g., Groq - free & fastest):

```
GROQ_API_KEY=your_groq_api_key_here
```

4. Run:

```bash
sqlmap-ai -u "http://example.com/page.php?id=1"
```

See the full Installation Guide for all providers and options.
Documentation
| Guide | Description |
|---|---|
| Installation | Prerequisites, setup, AI provider configuration |
| Usage | Examples, testing modes, request files, workflows |
| Configuration | .env, config.yaml, command-line reference |
| Troubleshooting | Common issues and getting help |
| Changelog | Version history |
Requirements
- Python 3.8+
- SQLMap (must be installed globally on your system)
  - Kali/Debian/Ubuntu: `sudo apt install sqlmap`
  - macOS: `brew install sqlmap`
  - From source: github.com/sqlmapproject/sqlmap
- Internet connection (for cloud AI providers)
- 2GB+ RAM (for Ollama local models)
License
This project is licensed under the MIT License.
Disclaimer
This tool is intended for educational and ethical hacking purposes only. Always obtain permission before testing any system or application. The developers are not responsible for any misuse or damage caused by this tool.