souleyez 3.0.0__py3-none-any.whl → 3.0.7__py3-none-any.whl

souleyez/ui/interactive.py

@@ -8,6 +8,7 @@ import os
 import platform
 import shlex
 import shutil
+import subprocess
 import sys
 import tempfile
 import time
@@ -1947,78 +1948,132 @@ def show_tool_menu(tool_name: str) -> Optional[Dict[str, Any]]:
 
         elif choice == 3:
             # Select from credentials in current engagement
-            from souleyez.storage.credentials import CredentialManager
+            from souleyez.storage.credentials import CredentialsManager
             from souleyez.storage.engagements import EngagementManager
 
             em = EngagementManager()
             current_eng = em.get_current()
 
             if not current_eng:
+                click.echo()
                 click.echo(click.style("No engagement selected!", fg="red"))
                 click.echo("Use 'souleyez engagement use <name>' first")
+                click.echo()
+                click.pause()
                 return None
 
-            cm = CredentialManager()
+            cm = CredentialsManager()
             creds = cm.list_credentials(current_eng["id"])
 
-            # Filter for hashes only (credential_type contains 'hash')
-            hashes = [
-                c for c in creds if "hash" in c.get("credential_type", "").lower()
-            ]
+            # Filter for actual crackable hashes
+            # Hash is stored in 'password' field, must look like a hash (not plaintext)
+            def is_crackable_hash(cred):
+                cred_type = cred.get("credential_type", "").lower()
+                # Hash value is in 'password' field
+                hash_value = cred.get("password", "") or ""
+
+                if not hash_value or hash_value == "None":
+                    return False
+
+                # Must have hash-related type
+                if "hash" not in cred_type:
+                    return False
+
+                # Check if value looks like a hash (not plaintext)
+                # Hex hash (32+ chars for MD5, mostly hex characters)
+                hex_chars = sum(c in "0123456789abcdefABCDEF" for c in hash_value)
+                if len(hash_value) >= 32 and hex_chars / len(hash_value) > 0.9:
+                    return True
+                # Hash format like $1$salt$hash or $2a$... (bcrypt, etc.)
+                if hash_value.startswith("$") and "$" in hash_value[1:]:
+                    return True
+                # Kerberos hashes start with $krb5
+                if hash_value.startswith("$krb5"):
+                    return True
+                # NTLM:LM format (hash:hash)
+                if ":" in hash_value and len(hash_value) >= 65:
+                    return True
+
+                # If it looks like plaintext (has spaces, common words), reject
+                if " " in hash_value or len(hash_value) < 20:
+                    return False
+
+                return False
+
+            hashes = [c for c in creds if is_crackable_hash(c)]
 
             if not hashes:
+                click.echo()
                 click.echo(
-                    click.style("No hashes found in current engagement!", fg="yellow")
+                    click.style(
+                        "No crackable hashes found in current engagement!", fg="yellow"
+                    )
                 )
+                click.echo()
                 click.echo("Try discovering hashes first with:")
                 click.echo("  • secretsdump (extract SAM/NTDS)")
                 click.echo("  • GetNPUsers (AS-REP roasting)")
+                click.echo("  • SQLMap (database password hashes)")
+                click.echo()
+                click.pause()
                 return None
 
-            # Show hash list
-            click.echo()
-            click.echo(
-                click.style(
-                    f"Found {len(hashes)} hash(es) in current engagement:",
-                    fg="green",
-                    bold=True,
-                )
-            )
-            click.echo()
+            # Use interactive selector for hash list
+            from souleyez.ui.interactive_selector import interactive_select
 
-            for idx, cred in enumerate(hashes[:20], 1):  # Show max 20
-                username = cred.get("username", "unknown")[:30].ljust(30)
-                hash_type = cred.get("credential_type", "unknown")[:20]
-                hash_preview = cred.get("credential", "")[:40] + "..."
-                click.echo(f"  {idx:2d}. {username} | {hash_type} | {hash_preview}")
+            # Prepare hash items with display-friendly fields
+            hash_items = []
+            for idx, cred in enumerate(hashes):
+                hash_value = cred.get("password", "") or ""
+                # Create preview of hash
+                if len(hash_value) > 40:
+                    hash_preview = hash_value[:20] + "..." + hash_value[-10:]
+                else:
+                    hash_preview = hash_value
 
-            if len(hashes) > 20:
-                click.echo(f"  ... and {len(hashes) - 20} more")
+                hash_items.append(
+                    {
+                        "idx": idx,
+                        "username": cred.get("username", "unknown")[:25],
+                        "hash_type": cred.get("credential_type", "unknown"),
+                        "hash_preview": hash_preview,
+                        "hash_value": hash_value,  # Full hash for use
+                        "original": cred,  # Keep original for later
+                    }
+                )
 
-            click.echo()
-            selection = click.prompt(
-                click.style(
-                    "Select hash number (or 0 to cancel)", fg="yellow", bold=True
-                ),
-                type=int,
-                default=0,
+            columns = [
+                {"name": "#", "width": 5, "key": "idx"},
+                {"name": "Username", "width": 25, "key": "username"},
+                {"name": "Type", "width": 20, "key": "hash_type"},
+                {"name": "Hash Preview", "key": "hash_preview"},
+            ]
+
+            selected_ids = set()
+            interactive_select(
+                items=hash_items,
+                columns=columns,
+                selected_ids=selected_ids,
+                get_id=lambda h: h["idx"],
+                title="SELECT HASH TO CRACK",
             )
 
-            if selection < 1 or selection > len(hashes):
+            if not selected_ids:
                 click.echo(click.style("Cancelled", fg="yellow"))
                 return None
 
-            # Use selected hash
-            selected = hashes[selection - 1]
-            target = selected.get("credential", "")
+            # Get first selected hash
+            selected_idx = list(selected_ids)[0]
+            selected_item = hash_items[selected_idx]
+            target = selected_item["hash_value"]
 
-            if not target:
+            if not target or target == "None":
                 click.echo(click.style("Hash is empty!", fg="red"))
                 return None
 
             click.echo(
                 click.style(
-                    f"\n✓ Selected: {selected.get('username')} ({selected.get('credential_type')})",
+                    f"\n✓ Selected: {selected_item['username']} ({selected_item['hash_type']})",
                     fg="green",
                 )
             )
@@ -2044,6 +2099,121 @@ def show_tool_menu(tool_name: str) -> Optional[Dict[str, Any]]:
         em = EngagementManager()
         current_eng = em.get_current()
 
+        # Valid TLDs for filtering (common ones)
+        valid_tlds = {
+            "com",
+            "org",
+            "net",
+            "edu",
+            "gov",
+            "mil",
+            "int",
+            "io",
+            "co",
+            "us",
+            "uk",
+            "ca",
+            "au",
+            "de",
+            "fr",
+            "jp",
+            "cn",
+            "ru",
+            "br",
+            "in",
+            "mx",
+            "es",
+            "it",
+            "nl",
+            "se",
+            "no",
+            "fi",
+            "dk",
+            "pl",
+            "cz",
+            "at",
+            "ch",
+            "be",
+            "ie",
+            "nz",
+            "za",
+            "sg",
+            "hk",
+            "kr",
+            "tw",
+            "th",
+            "my",
+            "ph",
+            "id",
+            "vn",
+            "ar",
+            "cl",
+            "co",
+            "pe",
+            "ve",
+            "pt",
+            "gr",
+            "tr",
+            "il",
+            "ae",
+            "sa",
+            "eg",
+            "ng",
+            "ke",
+            "info",
+            "biz",
+            "name",
+            "pro",
+            "mobi",
+            "tv",
+            "cc",
+            "ws",
+            "me",
+            "ly",
+            "to",
+            "fm",
+            "am",
+            "gg",
+            "xyz",
+            "app",
+            "dev",
+            "cloud",
+            "tech",
+            "online",
+            "site",
+            "store",
+            "shop",
+            "blog",
+        }
+
+        # Local/invalid TLDs to exclude
+        invalid_tlds = {"lan", "local", "home", "internal", "localdomain", "localhost"}
+
+        def is_valid_domain(domain):
+            """Check if domain is valid for OSINT tools."""
+            if not domain or not isinstance(domain, str):
+                return False
+            # Must have at least one dot
+            if "." not in domain:
+                return False
+            parts = domain.split(".")
+            if len(parts) < 2:
+                return False
+            # Check TLD
+            tld = parts[-1].lower()
+            if tld in invalid_tlds:
+                return False
+            # Reject if TLD is all digits (partial IP)
+            if tld.isdigit():
+                return False
+            # Reject if domain part is all digits (partial IP)
+            if parts[-2].isdigit():
+                return False
+            # Must have valid TLD or at least 2 chars
+            if tld not in valid_tlds and len(tld) < 2:
+                return False
+            return True
+
         discovered_domains = []
         if current_eng:
             hm = HostManager()
@@ -2054,11 +2224,10 @@ def show_tool_menu(tool_name: str) -> Optional[Dict[str, Any]]:
             for host in all_hosts:
                 hostname = host.get("hostname")
                 if hostname and "." in hostname:
-                    # Extract domain (everything after first subdomain)
                     parts = hostname.split(".")
                     if len(parts) >= 2:
-                        domain = ".".join(parts[-2:])  # Get last two parts (domain.tld)
-                        if domain not in discovered_domains:
+                        domain = ".".join(parts[-2:])
+                        if is_valid_domain(domain) and domain not in discovered_domains:
                             discovered_domains.append(domain)
 
             # Also check OSINT data for hosts/domains (from theHarvester, etc.)
@@ -2067,77 +2236,109 @@ def show_tool_menu(tool_name: str) -> Optional[Dict[str, Any]]:
                 for osint_entry in osint_hosts:
                     hostname = osint_entry.get("value", "")
                     if hostname and "." in hostname:
-                        # Extract domain from hostname
                         parts = hostname.split(".")
                         if len(parts) >= 2:
-                            # If it's a subdomain (e.g., testasp.vulnweb.com), extract base domain
-                            domain = ".".join(
-                                parts[-2:]
-                            )  # Get last two parts (domain.tld)
-                            if domain not in discovered_domains:
+                            domain = ".".join(parts[-2:])
+                            if (
+                                is_valid_domain(domain)
+                                and domain not in discovered_domains
+                            ):
                                 discovered_domains.append(domain)
             except Exception:
-                pass  # Silently ignore OSINT lookup errors
+                pass
 
-        if discovered_domains:
+        # Show menu-based selection like Nmap
+        domain_count = len(discovered_domains)
+        if domain_count > 0:
             click.echo(
-                click.style(
-                    f"🎯 Discovered {len(discovered_domains)} domain(s) in current engagement:",
-                    fg="green",
-                    bold=True,
-                )
+                f"Found {click.style(str(domain_count), fg='green', bold=True)} valid domain(s) in current engagement."
             )
-            click.echo()
-
-            for idx, domain in enumerate(discovered_domains[:10], 1):
-                click.echo(f"  {idx}. {domain}")
-
-            if len(discovered_domains) > 10:
-                click.echo(f"  ... and {len(discovered_domains) - 10} more")
+        else:
+            click.echo(click.style("No valid domains discovered yet.", fg="yellow"))
+        click.echo()
 
-            click.echo()
-            click.echo("  [0] Enter custom domain")
-            click.echo("  [q] Back")
-            click.echo()
-            click.echo(
-                click.style("  💡 TIP: ", fg="yellow", bold=True)
-                + "Type "
-                + click.style("?", fg="cyan", bold=True)
-                + " for help guide"
+        click.echo(
+            "  1. Select from discovered domains"
+            if domain_count > 0
+            else click.style(
+                "  1. Select from discovered domains (none found)", dim=True
             )
-            click.echo()
+        )
+        click.echo("  2. Enter custom domain")
+        click.echo("  [q] Back")
+        click.echo()
+        click.echo(
+            click.style("  💡 TIP: ", fg="yellow", bold=True)
+            + "Type "
+            + click.style("?", fg="cyan", bold=True)
+            + " for help guide"
+        )
+        click.echo()
 
-            choice = click.prompt(
-                click.style("Select option", fg="green", bold=True),
-                type=str,
-                default="0",
-                show_default=False,
-            ).strip()
+        choice = click.prompt(
+            click.style("Select option", fg="green", bold=True),
+            type=str,
+            default="2" if domain_count == 0 else "1",
+            show_default=False,
+        ).strip()
 
-            # Handle help command
-            if choice == "?":
-                show_tool_help(tool_name, help_info)
-                DesignSystem.clear_screen()
-                return {"action": "retry"}
+        # Handle help command
+        if choice == "?":
+            show_tool_help(tool_name, help_info)
+            DesignSystem.clear_screen()
+            return {"action": "retry"}
 
-            # Handle back/quit
-            if choice.lower() == "q":
-                return {"action": "back"}
+        # Handle back/quit
+        if choice.lower() == "q":
+            return {"action": "back"}
 
-            if choice.isdigit() and 1 <= int(choice) <= len(discovered_domains):
-                target = discovered_domains[int(choice) - 1]
-                click.echo(click.style(f"\n✓ Selected: {target}", fg="green"))
-                click.echo()
-            else:
-                target = None
-        else:
-            click.echo(
-                click.style(
-                    "No domains discovered yet in current engagement", fg="yellow"
+        target = None
+        if choice == "1" and domain_count > 0:
+            # Use interactive selector for domain list
+            from souleyez.ui.interactive_selector import interactive_select
+
+            # Prepare domain items
+            domain_items = []
+            for idx, domain in enumerate(discovered_domains):
+                # Extract TLD for display
+                parts = domain.split(".")
+                tld = parts[-1].upper() if parts else ""
+                domain_items.append(
+                    {
+                        "idx": idx,
+                        "domain": domain,
+                        "tld": f".{tld}",
+                    }
                 )
+
+            columns = [
+                {"name": "#", "width": 5, "key": "idx"},
+                {"name": "Domain", "key": "domain"},
+                {"name": "TLD", "width": 8, "key": "tld"},
+            ]
+
+            selected_ids = set()
+            interactive_select(
+                items=domain_items,
+                columns=columns,
+                selected_ids=selected_ids,
+                get_id=lambda d: d["idx"],
+                title="SELECT TARGET DOMAIN",
             )
+
+            if not selected_ids:
+                return {"action": "back"}
+
+            # Get first selected domain
+            selected_idx = list(selected_ids)[0]
+            target = domain_items[selected_idx]["domain"]
+            click.echo(click.style(f"\n✓ Selected: {target}", fg="green"))
             click.echo()
-            target = None
+        elif choice == "2" or (choice == "1" and domain_count == 0):
+            target = None  # Will prompt for manual entry below
+        else:
+            click.echo(click.style("Invalid option!", fg="red"))
+            return None
 
         # Manual entry if not selected from list
         if not target:
@@ -6144,10 +6345,12 @@ def view_jobs_menu():
                     "hashes"
                 ):
                     critical_indicator = "[bold red]💀[/bold red]"
-                # Shell access (evil_winrm, psexec success)
-                elif tool in ["evil_winrm", "impacket-psexec"] and parse_result.get(
-                    "success"
-                ):
+                # Shell access (evil_winrm, psexec, msf_exploit success)
+                elif tool in [
+                    "evil_winrm",
+                    "impacket-psexec",
+                    "msf_exploit",
+                ] and parse_result.get("success"):
                     critical_indicator = "[bold green]🐚[/bold green]"
                 # Credentials found (hydra, hashcat cracked, smbpasswd, etc.)
                 else:
@@ -6229,8 +6432,8 @@ def view_jobs_menu():
         click.echo()
 
         # Build menu and legend side by side using Rich
-        from rich.table import Table
         from rich import box
+        from rich.table import Table
 
         console = Console()
 
@@ -11850,7 +12053,10 @@ def view_job_detail(job_id: int):
             if web_login_test_handler:
                 try:
                     current_status = job.get("status", "")
-                    if current_status == "done" and web_login_test_handler.has_done_handler:
+                    if (
+                        current_status == "done"
+                        and web_login_test_handler.has_done_handler
+                    ):
                         web_login_test_handler.display_done(
                             job, log_path, show_all_paths, show_passwords
                         )
@@ -14781,7 +14987,11 @@ def view_job_detail(job_id: int):
                 creds = parse_result.get("credentials", [])
                 # Check for SSH or telnet credentials
                 for cred in creds if isinstance(creds, list) else []:
-                    service = cred.get("service", "").lower() if isinstance(cred, dict) else ""
+                    service = (
+                        cred.get("service", "").lower()
+                        if isinstance(cred, dict)
+                        else ""
+                    )
                     if service in ["ssh", "telnet"]:
                         can_spawn_shell = True
                         if service == "ssh":
@@ -14801,7 +15011,10 @@ def view_job_detail(job_id: int):
                 try:
                     with open(log_path, "r", encoding="utf-8", errors="replace") as f:
                         log_content = f.read()
-                        if "session" in log_content.lower() and "opened" in log_content.lower():
+                        if (
+                            "session" in log_content.lower()
+                            and "opened" in log_content.lower()
+                        ):
                             can_spawn_shell = True
                             # Check if SSH or telnet
                             if "ssh" in log_content.lower():
@@ -15053,7 +15266,9 @@ def view_job_detail(job_id: int):
                             # Use first credential
                             first_cred = creds[0]
                             if isinstance(first_cred, dict):
-                                username = first_cred.get("username") or first_cred.get("login")
+                                username = first_cred.get("username") or first_cred.get(
+                                    "login"
+                                )
                                 password = first_cred.get("password")
 
                 if not username or (not password and not nt_hash):
@@ -15120,7 +15335,9 @@ def view_job_detail(job_id: int):
                         click.echo(f"  User:   {username}")
                         click.echo(f"  Pass:   {password}")
                         click.echo()
-                        click.echo("  Launching telnet... Enter password when prompted.")
+                        click.echo(
+                            "  Launching telnet... Enter password when prompted."
+                        )
                         click.echo()
                         shell_cmd = f"telnet {target}"
                     else:
@@ -15155,7 +15372,9 @@ def view_job_detail(job_id: int):
 
                 elif tool_name == "hydra":
                     # Hydra found valid credentials - determine service type
-                    service_type = parse_result.get("service", "").lower() if parse_result else ""
+                    service_type = (
+                        parse_result.get("service", "").lower() if parse_result else ""
+                    )
 
                     if service_type == "ssh" or is_ssh_shell:
                         # SSH - use sshpass
@@ -15171,7 +15390,9 @@ def view_job_detail(job_id: int):
                         click.echo(f"  User:   {username}")
                         click.echo(f"  Pass:   {password}")
                         click.echo()
-                        click.echo("  Launching telnet... Enter password when prompted.")
+                        click.echo(
+                            "  Launching telnet... Enter password when prompted."
+                        )
                         click.echo()
                         shell_cmd = f"telnet {target}"
                     elif service_type == "ftp":
@@ -15253,9 +15474,7 @@ def view_job_detail(job_id: int):
                         if shell_choice == "1":
                             # evil-winrm
                             if nt_hash:
-                                shell_cmd = (
-                                    f"evil-winrm -i {target} -u '{username}' -H '{nt_hash}'"
-                                )
+                                shell_cmd = f"evil-winrm -i {target} -u '{username}' -H '{nt_hash}'"
                             else:
                                 shell_cmd = f"evil-winrm -i {target} -u '{username}' -p '{password}'"
                         elif shell_choice == "2":
@@ -15263,9 +15482,7 @@ def view_job_detail(job_id: int):
                             if nt_hash:
                                 shell_cmd = f"impacket-psexec '{cred_prefix}@{target}' -hashes ':{nt_hash}'"
                             else:
-                                shell_cmd = (
-                                    f"impacket-psexec '{cred_prefix}:{password}@{target}'"
-                                )
+                                shell_cmd = f"impacket-psexec '{cred_prefix}:{password}@{target}'"
                         elif shell_choice == "3":
                             # SSH with sshpass
                             shell_cmd = f"sshpass -p '{password}' ssh -o StrictHostKeyChecking=no -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-rsa {username}@{target}"
@@ -17043,6 +17260,10 @@ def _license_management_menu():
                                 _bypass_validation=True,  # Already validated
                             )
                             if tier_success:
+                                # Refresh in-memory user cache so PRO is active immediately
+                                from souleyez.auth import get_session_manager
+
+                                get_session_manager().set_current_user(None)
                                 click.echo(
                                     click.style(
                                         f"  ✓ User '{user.username}' upgraded to PRO tier",
@@ -17052,8 +17273,8 @@ def _license_management_menu():
                                 click.echo()
                                 click.echo(
                                     click.style(
-                                        "  🔐 Re-authenticate to unlock PRO capabilities.",
-                                        fg="cyan",
+                                        "  💎 PRO features now unlocked!",
+                                        fg="green",
                                     )
                                 )
                             else:
@@ -17188,13 +17409,18 @@ def _license_management_menu():
 
                             # Reset ALL users with PRO tier to FREE
                             try:
-                                from souleyez.auth import UserManager
+                                from souleyez.auth import (
+                                    UserManager,
+                                    get_session_manager,
+                                )
                                 from souleyez.storage.database import get_db
 
                                 user_mgr = UserManager(get_db().db_path)
                                 count, _ = user_mgr.reset_all_pro_tiers()
                                 if count > 0:
                                     click.echo(f"  Reset {count} user(s) to FREE tier.")
+                                # Refresh in-memory user cache
+                                get_session_manager().set_current_user(None)
                             except Exception:
                                 pass
                         else:
@@ -23629,61 +23855,6 @@ def manage_credentials_menu():
         break
 
 
-def view_additional_data_menu():
-    """Additional data viewing menu for OSINT and Web Paths."""
-    em = EngagementManager()
-    current_ws = em.get_current()
-
-    if not current_ws:
-        click.echo(click.style("No engagement selected!", fg="red"))
-        click.pause()
-        return
-
-    engagement_id = current_ws["id"]
-
-    while True:
-        DesignSystem.clear_screen()
-        click.echo("\n" + "=" * 70)
-        click.echo("ADDITIONAL DATA")
-        click.echo("=" * 70 + "\n")
-
-        click.echo("  1. Web Paths        - View and manage discovered web paths")
-        click.echo("  2. SMB Shares       - View and manage enumerated SMB shares")
-        click.echo(
-            "  3. SQLMap Data      - View SQL injection discoveries and databases"
-        )
-        click.echo()
-        click.echo("  [q] ← Back")
-        click.echo()
-
-        try:
-            choice_input = click.prompt(
-                "Select data type", type=str, default="q"
-            ).strip()
-
-            if choice_input == "q":
-                return
-            try:
-                choice = int(choice_input)
-            except ValueError:
-                click.echo(click.style("Invalid selection!", fg="red"))
-                click.pause()
-                continue
-
-            if choice == 1:
-                view_web_paths(engagement_id)
-            elif choice == 2:
-                view_smb_shares(engagement_id)
-            elif choice == 3:
-                view_sqlmap_data(engagement_id)
-            else:
-                click.echo(click.style("Invalid selection!", fg="red"))
-                click.pause()
-
-        except (KeyboardInterrupt, click.Abort):
-            return
-
-
 def view_additional_data_menu():
     """Additional data viewing menu for OSINT and Web Paths."""
     em = EngagementManager()
@@ -27732,7 +27903,13 @@ def view_credentials(engagement_id: int):
                     return
 
     # Active filters
-    filters = {"service": None, "status": None, "host_id": None, "tool": None}
+    filters = {
+        "service": None,
+        "status": None,
+        "host_id": None,
+        "tool": None,
+        "credential_type": None,
+    }
 
     # Pagination
     PAGE_SIZE = 20
@@ -27780,6 +27957,14 @@ def view_credentials(engagement_id: int):
         if filters["tool"] and credentials:
             credentials = [c for c in credentials if c.get("tool") == filters["tool"]]
 
+        # Apply credential_type filter
+        if filters["credential_type"] and credentials:
+            credentials = [
+                c
+                for c in credentials
+                if c.get("credential_type") == filters["credential_type"]
+            ]
+
         # Pagination calculations
         total_creds = len(credentials) if credentials else 0
         total_pages = (
@@ -27903,6 +28088,7 @@ def view_credentials(engagement_id: int):
         click.echo("  [a] Add - Manually add credential")
         click.echo("  [f] Filter - Filter by service/status/host")
         click.echo("  [o] Tool - Filter by tool")
+        click.echo("  [y] Type - Filter by credential type (password/hash/username)")
         click.echo("  [c] Clear filters - Reset all filters")
         click.echo("  [q] Back")
         click.echo()
@@ -28004,6 +28190,12 @@ def view_credentials(engagement_id: int):
                 # Filter by tool
                 filters["tool"] = _filter_credential_by_tool(engagement_id, cm)
                 current_page = 1
+            elif choice == "y":
+                # Filter by credential type
+                filters["credential_type"] = _filter_credential_by_type(
+                    engagement_id, cm
+                )
+                current_page = 1
             elif choice == "c":
                 filters = {k: None for k in filters}
                 current_page = 1
@@ -28308,6 +28500,50 @@ def _filter_credential_by_tool(engagement_id: int, cm: "CredentialsManager"):
         return None
 
 
+def _filter_credential_by_type(engagement_id: int, cm: "CredentialsManager"):
+    """Prompt for credential type filter."""
+    credentials = cm.list_credentials(engagement_id, decrypt=False)
+    types = sorted(
+        set([c.get("credential_type") for c in credentials if c.get("credential_type")])
+    )
+
+    if not types:
+        click.echo(click.style("\nNo credential types found.", fg="yellow"))
+        click.pause()
+        return None
+
+    # Add friendly names for common types
+    type_labels = {
+        "password": "password (tested credentials)",
+        "hash": "hash (NTLM/other hashes)",
+        "username": "username (enumerated users only)",
+        "kerberos_tgs": "kerberos_tgs (Kerberoast hashes)",
+        "plaintext": "plaintext (GPP/unencrypted)",
+        "database": "database (DB credentials)",
+        "smb": "smb (SMB credentials)",
+    }
+
+    click.echo("\nAvailable credential types:")
+    click.echo("  [q] Clear filter")
+    for idx, ctype in enumerate(types, 1):
+        count = sum(1 for c in credentials if c.get("credential_type") == ctype)
+        label = type_labels.get(ctype, ctype)
+        click.echo(f"  [{idx}] {label} ({count})")
+
+    try:
+        choice_input = click.prompt("Select type", type=str, default="q").strip()
+        if choice_input == "q":
+            return None
+        try:
+            choice = int(choice_input)
+            if 1 <= choice <= len(types):
+                return types[choice - 1]
+        except ValueError:
+            return None
+    except (KeyboardInterrupt, click.Abort):
+        return None
+
+
 def _filter_credential_by_host(engagement_id: int):
     """Prompt for host filter."""
     from souleyez.storage.hosts import HostManager
@@ -31271,7 +31507,9 @@ def _execute_webpath_quick_action(engagement_id: int, paths: list, hm: "HostMana
                     "  ⚙️  Launching Gobuster for test directories...", fg="yellow"
                 )
             )
-            click.echo(click.style("  ℹ️  Gobuster integration coming soon!", fg="cyan"))
+            click.echo(
+                click.style("  ℹ️  Gobuster integration coming soon!", fg="cyan")
+            )
             click.echo("     For now, manually run:")
             for path in test_dirs[:3]:
                 url = path.get("url", "")
@@ -34820,7 +35058,7 @@ def _view_sqlmap_dumped_data(engagement_id: int):
 
             for table in tables_with_dumps:
                 console.print(
-                    f"  └─ [cyan]{table['table_name']}[/cyan] ({table['row_count']} rows)"
+                    f"    [cyan]{table['table_name']}[/cyan] ({table['row_count']} rows)"
                 )
 
                 # Get dumped data
@@ -35473,18 +35711,24 @@ def view_sqlmap_data(engagement_id: int):
                                 all_columns[key] = set()
                             all_columns[key].update(columns)
 
-                    # Aggregate dumped data
+                    # Aggregate dumped data (track by target URL)
+                    job_target = job.get("target", "")
                     if parsed.get("dumped_data"):
                         for key, data in parsed["dumped_data"].items():
-                            if key not in all_dumped:
-                                all_dumped[key] = data
+                            # Create target-specific key to avoid cross-host bleeding
+                            target_key = f"{job_target}::{key}"
+                            if target_key not in all_dumped:
+                                data["_target"] = job_target
+                                all_dumped[target_key] = data
                             else:
                                 # Merge rows if same table dumped multiple times
-                                existing_rows = all_dumped[key].get("rows", [])
+                                existing_rows = all_dumped[target_key].get("rows", [])
                                 new_rows = data.get("rows", [])
-                                all_dumped[key]["rows"] = existing_rows + new_rows
-                                all_dumped[key]["row_count"] = len(
-                                    all_dumped[key]["rows"]
+                                all_dumped[target_key]["rows"] = (
+                                    existing_rows + new_rows
+                                )
+                                all_dumped[target_key]["row_count"] = len(
+                                    all_dumped[target_key]["rows"]
                                 )
 
                     for vuln in parsed.get("vulnerabilities", []):
@@ -35639,13 +35883,51 @@ def view_sqlmap_data(engagement_id: int):
                 row_num = int(choice)
                 if 1 <= row_num <= len(filtered_injections):
                     inj = filtered_injections[row_num - 1]
+                    inj_url = inj.get("url", "")
+
+                    # Filter databases to only this injection's target
+                    filtered_dbs = set()
+                    filtered_db_to_dbms = {}
+                    for db in all_databases:
+                        db_target = db_to_target.get(db, "")
+                        if db_target in inj_url or inj_url in db_target:
+                            filtered_dbs.add(db)
+                            if db in db_to_dbms:
+                                filtered_db_to_dbms[db] = db_to_dbms[db]
+
+                    # Filter tables to only this injection's target
+                    filtered_tables = {}
+                    filtered_columns = {}
+                    for db, tables in all_tables.items():
+                        for tbl in tables:
+                            table_key = f"{db}.{tbl}"
+                            tbl_target = table_to_target.get(table_key, "")
+                            if tbl_target in inj_url or inj_url in tbl_target:
+                                if db not in filtered_tables:
+                                    filtered_tables[db] = set()
+                                filtered_tables[db].add(tbl)
+                                if table_key in all_columns:
+                                    filtered_columns[table_key] = all_columns[table_key]
+
+                    # Filter dumped data to only this injection's target
+                    filtered_dumped = {}
+                    for key, data in all_dumped.items():
+                        # Key format is "target_url::db.table"
+                        if "::" in key:
+                            target_part = key.split("::")[0]
+                            table_part = key.split("::", 1)[1]
+                            if target_part in inj_url or inj_url in target_part:
+                                filtered_dumped[table_part] = data
+                        elif data.get("_target", "") in inj_url:
+                            filtered_dumped[key] = data
+
                     _view_sqlmap_injection_detail(
                         inj,
-                        all_databases,
-                        all_tables,
-                        all_columns,
-                        db_to_dbms,
-                        all_dumped,
+                        filtered_dbs,
+                        filtered_tables,
+                        filtered_columns,
+                        filtered_db_to_dbms,
+                        filtered_dumped,
                         engagement_id,
                     )
                 else:
@@ -35820,12 +36102,46 @@ def _view_sqlmap_injection_detail(
     from rich.console import Console
     from rich.table import Table
 
+    from souleyez.ui.interactive_selector import _get_key
+
     console = Console()
 
     if all_dumped is None:
         all_dumped = {}
 
-    current_view = "overview"  # 'overview', 'tables', 'data:<table_key>'
+    # View states: 'databases', 'tables:<db>', 'data:<table_key>'
+    current_view = "databases"
+    selected_db = None
+    data_page = 1
+    data_view_all = False
+    db_cursor_pos = 0  # Cursor for database list
+    tbl_cursor_pos = 0  # Cursor for table list
+    show_empty_tables = False  # Hide empty tables by default
+
+    # Build database list with stats
+    db_list = []
+    for db in sorted(all_databases) if all_databases else sorted(all_tables.keys()):
+        tables = all_tables.get(db, set())
+        table_count = len(tables)
+        # Count extracted rows for this database
+        extracted_count = 0
+        extracted_tables = 0
+        for tbl in tables:
+            dumped_key = next((k for k in all_dumped.keys() if tbl in k), None)
+            if dumped_key:
+                extracted_tables += 1
+                extracted_count += all_dumped[dumped_key].get(
+                    "row_count", len(all_dumped[dumped_key].get("rows", []))
+                )
+        db_list.append(
+            {
+                "name": db,
+                "table_count": table_count,
+                "extracted_tables": extracted_tables,
+                "extracted_rows": extracted_count,
+                "dbms": db_to_dbms.get(db, "Unknown"),
+            }
+        )
 
     while True:
         DesignSystem.clear_screen()
@@ -35855,412 +36171,729 @@ def _view_sqlmap_injection_detail(
         )
         click.echo()
 
-        if current_view == "overview":
-            _sqli_detail_overview(
-                inj,
-                all_databases,
-                all_tables,
-                all_columns,
-                db_to_dbms,
+        if current_view == "databases":
+            # Database selector view
+            _sqli_database_selector(
+                db_list,
                 all_dumped,
                 console,
+                db_cursor_pos,
             )
 
-            # Menu
-            click.echo()
+            # Navigation footer
+            click.echo("─" * width)
+            click.echo("  ↑↓/jk: Navigate  |  Enter: View tables  |  q: Back")
             click.echo("─" * width)
-            options = []
-            if all_dumped:
-                # List available tables with numbers
-                table_keys = list(all_dumped.keys())
-                click.echo(click.style("  BROWSE EXTRACTED DATA:", bold=True))
-                for i, key in enumerate(table_keys, 1):
-                    data = all_dumped[key]
-                    row_count = data.get("row_count", len(data.get("rows", [])))
-                    # Highlight credential tables
-                    if any(
-                        x in key.lower()
-                        for x in [
-                            "user",
-                            "account",
-                            "login",
-                            "credential",
-                            "password",
-                            "card",
-                            "payment",
-                        ]
-                    ):
-                        click.echo(
-                            f"    [{i}] {click.style(key, fg='red', bold=True)} ({row_count} rows) 🔐"
-                        )
-                    else:
-                        click.echo(f"    [{i}] {key} ({row_count} rows)")
-                options.extend([str(i) for i in range(1, len(table_keys) + 1)])
-
-            click.echo()
-            click.echo(f"    [t] View all tables structure")
-            click.echo(f"    [q] Back")
-            click.echo()
 
+            # Handle keyboard input
             try:
-                choice = click.prompt("  Select", default="q").strip().lower()
+                key = _get_key()
 
-                if choice == "q":
+                if key in ("q", "Q", "\x1b"):  # q or Escape
                     return
-                elif choice == "t":
-                    current_view = "tables"
-                elif choice.isdigit() and all_dumped:
-                    idx = int(choice) - 1
-                    table_keys = list(all_dumped.keys())
-                    if 0 <= idx < len(table_keys):
-                        current_view = f"data:{table_keys[idx]}"
+                elif key in ("\x1b[A", "k"):  # Up arrow or k
+                    if db_cursor_pos > 0:
+                        db_cursor_pos -= 1
+                elif key in ("\x1b[B", "j"):  # Down arrow or j
+                    if db_cursor_pos < len(db_list) - 1:
+                        db_cursor_pos += 1
+                elif key in ("\r", "\n"):  # Enter
+                    if db_list:
+                        selected_db = db_list[db_cursor_pos]["name"]
+                        current_view = f"tables:{selected_db}"
+                        tbl_cursor_pos = 0
             except (KeyboardInterrupt, click.Abort):
                 return
 
-        elif current_view == "tables":
-            _sqli_detail_tables(
-                all_databases, all_tables, all_columns, db_to_dbms, all_dumped, console
+        elif current_view.startswith("tables:"):
+            db_name = current_view[7:]
+            tables = all_tables.get(db_name, set())
+
+            # Build full table list for this database
+            full_table_list = []
+            for tbl in sorted(tables):
+                dumped_key = next((k for k in all_dumped.keys() if tbl in k), None)
+                # Check if table has data or is a high-value table
+                tbl_lower = tbl.lower()
+                is_high_value = any(
+                    x in tbl_lower
+                    for x in [
+                        "user",
+                        "account",
+                        "login",
+                        "credential",
+                        "password",
+                        "card",
+                        "payment",
+                    ]
+                )
+                full_table_list.append(
+                    {
+                        "db": db_name,
+                        "table": tbl,
+                        "dumped_key": dumped_key,
+                        "has_data": dumped_key is not None,
+                        "is_high_value": is_high_value,
+                    }
+                )
+
+            # Filter table list based on show_empty_tables
+            if show_empty_tables:
+                table_list = full_table_list
+            else:
+                # Show only tables with data or high-value tables
+                table_list = [
+                    t for t in full_table_list if t["has_data"] or t["is_high_value"]
+                ]
+                # If no tables match filter, show all
+                if not table_list:
+                    table_list = full_table_list
+
+            # Ensure cursor is within bounds
+            if tbl_cursor_pos >= len(table_list):
+                tbl_cursor_pos = max(0, len(table_list) - 1)
+
+            # Count hidden tables
+            hidden_count = len(full_table_list) - len(table_list)
+
+            # Show tables for this database
+            _sqli_tables_for_database(
+                db_name,
+                table_list,
+                all_columns,
+                db_to_dbms,
+                all_dumped,
+                console,
+                tbl_cursor_pos,
+                hidden_count=hidden_count,
+                show_all=show_empty_tables,
             )
 
-            click.echo()
+            # Navigation footer
+            click.echo("─" * width)
+            if show_empty_tables:
+                click.echo(
+                    "  ↑↓/jk: Navigate  |  Enter: View data  |  a: Hide empty  |  q: Back"
+                )
+            else:
+                click.echo(
+                    "  ↑↓/jk: Navigate  |  Enter: View data  |  a: Show all  |  q: Back"
+                )
             click.echo("─" * width)
-            click.echo(f"    [b] Back to overview")
-            click.echo()
 
+            # Handle keyboard input
             try:
-                choice = click.prompt("  Select", default="b").strip().lower()
-                if choice == "b":
-                    current_view = "overview"
+                key = _get_key()
+
+                if key in ("q", "Q", "\x1b"):  # q or Escape - back to databases
+                    current_view = "databases"
+                    tbl_cursor_pos = 0
+                elif key in ("\x1b[A", "k"):  # Up arrow or k
+                    if tbl_cursor_pos > 0:
+                        tbl_cursor_pos -= 1
+                elif key in ("\x1b[B", "j"):  # Down arrow or j
+                    if tbl_cursor_pos < len(table_list) - 1:
+                        tbl_cursor_pos += 1
+                elif key in ("a", "A"):  # Toggle show all tables
+                    show_empty_tables = not show_empty_tables
+                    tbl_cursor_pos = 0  # Reset cursor when toggling
+                elif key in ("\r", "\n"):  # Enter
+                    if table_list and table_list[tbl_cursor_pos]["has_data"]:
+                        current_view = (
+                            f"data:{table_list[tbl_cursor_pos]['dumped_key']}"
+                        )
+                        data_page = 1
+                        data_view_all = False
             except (KeyboardInterrupt, click.Abort):
                 return
 
         elif current_view.startswith("data:"):
             table_key = current_view[5:]
             if table_key in all_dumped:
+                table_data = all_dumped[table_key]
+                total_rows = len(table_data.get("rows", []))
+                page_size = 20
+                total_pages = (total_rows + page_size - 1) // page_size
+
                 _sqli_detail_data_table(
-                    table_key, all_dumped[table_key], console, width
+                    table_key,
+                    table_data,
+                    console,
+                    width,
+                    page=data_page,
+                    page_size=page_size,
+                    view_all=data_view_all,
                 )
 
-            click.echo()
             click.echo("─" * width)
-            click.echo(f"    [b] Back to overview")
+            click.echo()
+            if total_rows > page_size and not data_view_all:
+                click.echo("  [n] Next - Next page")
+                click.echo("  [p] Prev - Previous page")
+                click.echo("  [a] All - View all records")
+            elif data_view_all:
+                click.echo("  [a] Paginate - Return to paginated view")
+            click.echo("  [q] Back")
             click.echo()
 
             try:
-                choice = click.prompt("  Select", default="b").strip().lower()
-                if choice == "b":
-                    current_view = "overview"
+                choice = click.prompt("Select option", default="q").strip().lower()
+                if choice == "q":
+                    # Go back to tables view for the selected database
+                    if selected_db:
+                        current_view = f"tables:{selected_db}"
+                    else:
+                        current_view = "databases"
+                    data_page = 1
+                    data_view_all = False
+                elif choice == "n" and not data_view_all and data_page < total_pages:
+                    data_page += 1
+                elif choice == "p" and not data_view_all and data_page > 1:
+                    data_page -= 1
+                elif choice == "a":
+                    data_view_all = not data_view_all
+                    data_page = 1
             except (KeyboardInterrupt, click.Abort):
                 return
 
 
-def _sqli_detail_overview(
-    inj, all_databases, all_tables, all_columns, db_to_dbms, all_dumped, console
+def _sqli_database_selector(db_list, all_dumped, console, cursor_pos):
+    """Show database selector with table counts and extracted data."""
+    from rich.table import Table
+
+    # Count total extracted data
+    total_extracted = 0
+    cred_count = 0
+    for key, data in all_dumped.items():
+        row_count = data.get("row_count", len(data.get("rows", [])))
+        total_extracted += row_count
+        key_lower = key.lower()
+        if any(x in key_lower for x in ["user", "account", "login", "credential"]):
+            cred_count += row_count
+
+    # Summary alert if data extracted
+    if total_extracted > 0:
+        alerts = []
+        if cred_count > 0:
+            alerts.append(f"🔑 {cred_count} credentials")
+        if total_extracted > cred_count:
+            alerts.append(f"📊 {total_extracted} total rows")
+        click.echo(
+            click.style("  ⚠️  EXTRACTED: ", fg="red", bold=True)
+            + click.style("  |  ".join(alerts), fg="red")
+        )
+        click.echo()
+
+    # Summary
+    total_tables = sum(db["table_count"] for db in db_list)
+    extracted_tables = sum(db["extracted_tables"] for db in db_list)
+    click.echo(
+        f"  {click.style('Databases:', bold=True)} {len(db_list)}  |  "
+        f"{click.style('Tables:', bold=True)} {total_tables}  |  "
+        f"{click.style('Extracted:', bold=True, fg='green')} {extracted_tables}"
+    )
+    click.echo()
+
+    # Database table
+    table = Table(
+        show_header=True,
+        header_style="bold cyan",
+        box=DesignSystem.TABLE_BOX,
+        padding=(0, 1),
+        expand=True,
+    )
+    table.add_column("", width=3, no_wrap=True)  # Cursor
+    table.add_column("Database", no_wrap=True)
+    table.add_column("DBMS", width=12)
+    table.add_column("Tables", width=10, justify="right")
+    table.add_column("Extracted", width=12, justify="right")
+    table.add_column("Rows", width=10, justify="right")
+
+    for idx, db in enumerate(db_list):
+        is_selected = idx == cursor_pos
+        cursor = "▶" if is_selected else ""
+
+        name = db["name"]
+        dbms_type = db["dbms"]
+        table_count = db["table_count"]
+        extracted_tables = db["extracted_tables"]
+        extracted_rows = db["extracted_rows"]
+
+        # Highlight rows with extracted data
+        if extracted_tables > 0:
+            if is_selected:
+                table.add_row(
+                    f"[bold yellow]{cursor}[/bold yellow]",
+                    f"[bold yellow]📂 {name}[/bold yellow]",
+                    f"[bold yellow]{dbms_type}[/bold yellow]",
+                    f"[bold yellow]{table_count}[/bold yellow]",
+                    f"[bold yellow]✓ {extracted_tables}[/bold yellow]",
+                    f"[bold yellow]{extracted_rows}[/bold yellow]",
+                )
+            else:
+                table.add_row(
+                    cursor,
+                    f"[green bold]📂 {name}[/green bold]",
+                    dbms_type,
+                    str(table_count),
+                    f"[green]✓ {extracted_tables}[/green]",
+                    f"[green]{extracted_rows}[/green]",
+                )
+        else:
+            if is_selected:
+                table.add_row(
+                    f"[bold yellow]{cursor}[/bold yellow]",
+                    f"[bold yellow]📂 {name}[/bold yellow]",
+                    f"[bold yellow]{dbms_type}[/bold yellow]",
+                    f"[bold yellow]{table_count}[/bold yellow]",
+                    "[bold yellow]-[/bold yellow]",
+                    "[bold yellow]-[/bold yellow]",
+                )
+            else:
+                table.add_row(
+                    cursor,
+                    f"[dim]📂 {name}[/dim]",
+                    f"[dim]{dbms_type}[/dim]",
+                    f"[dim]{table_count}[/dim]",
+                    "[dim]-[/dim]",
+                    "[dim]-[/dim]",
+                )
+
+    console.print(table)
+    click.echo()
+
+
+def _sqli_tables_for_database(
+    db_name,
+    table_list,
+    all_columns,
+    db_to_dbms,
+    all_dumped,
+    console,
+    cursor_pos,
+    hidden_count=0,
+    show_all=False,
 ):
-    """Show overview of SQLi exploitation results."""
+    """Show tables for a specific database with cursor navigation."""
     from rich.table import Table
 
-    # Quick stats
-    total_tables_dumped = len(all_dumped)
+    dbms_type = db_to_dbms.get(db_name, "Unknown")
+
+    # Count extracted data
+    extracted_count = sum(1 for t in table_list if t["has_data"])
     total_rows = sum(
-        d.get("row_count", len(d.get("rows", []))) for d in all_dumped.values()
+        all_dumped[t["dumped_key"]].get(
+            "row_count", len(all_dumped[t["dumped_key"]].get("rows", []))
+        )
+        for t in table_list
+        if t["has_data"]
     )
 
-    # Check for high-value data
-    has_credentials = any(
-        "user" in k.lower() or "account" in k.lower() or "login" in k.lower()
-        for k in all_dumped.keys()
-    )
-    has_cards = any(
-        "card" in k.lower() or "payment" in k.lower() or "credit" in k.lower()
-        for k in all_dumped.keys()
+    # Database header
+    click.echo(f"  {click.style('📂 ' + db_name, bold=True, fg='cyan')} ({dbms_type})")
+    summary_line = (
+        f"  {click.style('Tables:', bold=True)} {len(table_list)}  |  "
+        f"{click.style('Extracted:', bold=True, fg='green')} {extracted_count}  |  "
+        f"{click.style('Rows:', bold=True)} {total_rows}"
     )
-    has_pii = any(
-        "address" in k.lower() or "personal" in k.lower() or "customer" in k.lower()
-        for k in all_dumped.keys()
+    if hidden_count > 0 and not show_all:
+        summary_line += click.style(f"  |  {hidden_count} hidden", dim=True)
+    click.echo(summary_line)
+    click.echo()
+
+    if not table_list:
+        click.echo("  [dim]No tables discovered for this database.[/dim]")
+        return
+
+    # Table list
+    table = Table(
+        show_header=True,
+        header_style="bold cyan",
+        box=DesignSystem.TABLE_BOX,
+        padding=(0, 1),
+        expand=True,
     )
+    table.add_column("", width=3, no_wrap=True)  # Cursor
+    table.add_column("○", width=3, justify="center", no_wrap=True)
+    table.add_column("Table Name", no_wrap=True)
+    table.add_column("Cols", width=8, justify="right")
+    table.add_column("Rows", width=12, justify="right")
+    table.add_column("Type", width=12)
+
+    for idx, tbl_info in enumerate(table_list):
+        tbl = tbl_info["table"]
+        is_selected = idx == cursor_pos
+        cursor = "▶" if is_selected else ""
+
+        table_key = f"{db_name}.{tbl}"
+        cols = all_columns.get(table_key, set())
+        col_count = len(cols) if cols else 0
+
+        # Determine category
+        tbl_lower = tbl.lower()
+        if any(
+            x in tbl_lower
+            for x in ["user", "account", "login", "credential", "password"]
+        ):
+            category = "🔑 Creds"
+        elif any(x in tbl_lower for x in ["card", "payment", "credit"]):
+            category = "💳 Cards"
+        elif any(
+            x in tbl_lower for x in ["address", "personal", "customer", "profile"]
+        ):
+            category = "👤 PII"
+        else:
+            category = ""
 
-    # Impact summary
-    click.echo(click.style("  📊 EXPLOITATION SUMMARY", bold=True, fg="green"))
+        has_data = tbl_info["has_data"]
+        if has_data:
+            dumped_key = tbl_info["dumped_key"]
+            row_count = all_dumped[dumped_key].get(
+                "row_count", len(all_dumped[dumped_key].get("rows", []))
+            )
+            if is_selected:
+                table.add_row(
+                    f"[bold yellow]{cursor}[/bold yellow]",
+                    "[bold yellow]○[/bold yellow]",
+                    f"[bold yellow]{tbl}[/bold yellow]",
+                    f"[bold yellow]{col_count}[/bold yellow]",
+                    f"[bold yellow]✓ {row_count}[/bold yellow]",
+                    f"[bold yellow]{category}[/bold yellow]",
+                )
+            else:
+                table.add_row(
+                    cursor,
+                    "○",
+                    f"[green bold]{tbl}[/green bold]",
+                    str(col_count),
+                    f"[green]✓ {row_count}[/green]",
+                    category,
+                )
+        else:
+            if is_selected:
+                table.add_row(
+                    f"[bold yellow]{cursor}[/bold yellow]",
+                    "[bold yellow]○[/bold yellow]",
+                    f"[bold yellow]{tbl}[/bold yellow]",
+                    f"[bold yellow]{col_count}[/bold yellow]",
+                    "[bold yellow]-[/bold yellow]",
+                    f"[bold yellow]{category}[/bold yellow]",
+                )
+            else:
+                table.add_row(
+                    cursor,
+                    "○",
+                    tbl,
+                    str(col_count),
+                    "[dim]-[/dim]",
+                    category,
+                )
+
+    console.print(table)
     click.echo()
 
-    if total_tables_dumped > 0:
-        click.echo(
-            f"    Tables Extracted: {click.style(str(total_tables_dumped), bold=True, fg='green')}"
-        )
+
+def _sqli_detail_overview_interactive(
+    inj,
+    all_databases,
+    all_tables,
+    all_columns,
+    db_to_dbms,
+    all_dumped,
+    console,
+    cursor_pos,
+    all_table_list,
+):
+    """Show interactive overview with cursor navigation."""
+    from rich.table import Table
+
+    # Count extracted data by category
+    cred_count = 0
+    card_count = 0
+    pii_count = 0
+
+    for key, data in all_dumped.items():
+        row_count = data.get("row_count", len(data.get("rows", [])))
+        key_lower = key.lower()
+        if any(x in key_lower for x in ["user", "account", "login", "credential"]):
+            cred_count += row_count
+        elif any(x in key_lower for x in ["card", "payment", "credit"]):
+            card_count += row_count
+        elif any(
+            x in key_lower for x in ["address", "personal", "customer", "profile"]
+        ):
+            pii_count += row_count
+
+    # Summary alert if data extracted
+    if cred_count > 0 or card_count > 0 or pii_count > 0:
+        alerts = []
+        if cred_count > 0:
+            alerts.append(f"🔑 {cred_count} credentials")
+        if card_count > 0:
+            alerts.append(f"💳 {card_count} cards")
+        if pii_count > 0:
+            alerts.append(f"👤 {pii_count} PII records")
         click.echo(
-            f"    Total Records:    {click.style(str(total_rows), bold=True, fg='green')}"
+            click.style("  ⚠️  EXTRACTED: ", fg="red", bold=True)
+            + click.style("  |  ".join(alerts), fg="red")
         )
         click.echo()
 
-        # Data classification
-        click.echo(click.style("    Data Classification:", bold=True))
-        if has_credentials:
-            click.echo(
-                f"      🔐 {click.style('CREDENTIALS FOUND', fg='red', bold=True)} - User accounts with passwords"
-            )
-        if has_cards:
-            click.echo(
-                f"      💳 {click.style('PAYMENT DATA FOUND', fg='red', bold=True)} - Credit card information"
-            )
-        if has_pii:
-            click.echo(
-                f"      👤 {click.style('PII FOUND', fg='yellow', bold=True)} - Personal addresses/information"
-            )
-        if not (has_credentials or has_cards or has_pii):
-            click.echo(f"      📄 Application data extracted")
-    else:
-        click.echo(f"    {click.style('No data extracted yet', fg='yellow')}")
-        click.echo()
-        click.echo(
-            "    💡 Tables discovered but not yet dumped. Select a table to dump data."
-        )
+    # Database structure
+    if not all_databases and not all_tables:
+        click.echo("  No database structure discovered yet.")
+        click.echo("  💡 Run SQLMap with --tables to enumerate tables.")
+        return
 
+    # Summary line
+    total_tables = len(all_table_list)
+    dumped_count = len(all_dumped)
+    click.echo(
+        f"  {click.style('Total:', bold=True)} {total_tables} tables  |  "
+        f"{click.style('Extracted:', bold=True, fg='green')} {dumped_count}"
+    )
     click.echo()
 
-    # Show credential preview if available
-    if has_credentials:
-        click.echo(click.style("  🔑 CREDENTIALS PREVIEW", bold=True, fg="red"))
+    # Show database structure with Rich table and cursor
+    for db in sorted(all_databases) if all_databases else list(all_tables.keys()):
+        dbms_type = db_to_dbms.get(db, "SQLite")
+        tables = all_tables.get(db, set())
+
+        click.echo(f"  {click.style('📂 ' + db, bold=True, fg='cyan')} ({dbms_type})")
         click.echo()
 
-        for table_key, data in all_dumped.items():
-            if any(x in table_key.lower() for x in ["user", "account", "login"]):
-                rows = data.get("rows", [])
-                columns = data.get("columns", [])
+        if tables:
+            # Create Rich table with cursor column
+            table = Table(
+                show_header=True,
+                header_style="bold cyan",
+                box=DesignSystem.TABLE_BOX,
+                padding=(0, 1),
+                expand=True,
+            )
+
+            table.add_column("", width=3, no_wrap=True)  # Cursor
+            table.add_column("○", width=3, justify="center", no_wrap=True)
+            table.add_column("Table Name", width=28, no_wrap=True)
+            table.add_column("Cols", width=6, justify="right", no_wrap=True)
+            table.add_column("Rows", width=12, justify="right", no_wrap=True)
+            table.add_column("Type", width=12, no_wrap=True)
 
-                # Find credential columns
-                user_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(
-                            x in c.lower()
-                            for x in ["username", "user", "login", "email"]
-                        )
-                    ),
-                    None,
-                )
-                pass_col = next(
+            sorted_tables = sorted(tables)
+            for tbl in sorted_tables:
+                table_key = f"{db}.{tbl}"
+                cols = all_columns.get(table_key, set())
+
+                # Find this table's index in all_table_list
+                tbl_idx = next(
                     (
-                        c
-                        for c in columns
-                        if any(
-                            x in c.lower()
-                            for x in ["password", "passwd", "hash", "pwd"]
-                        )
+                        i
+                        for i, t in enumerate(all_table_list)
+                        if t["table"] == tbl and t["db"] == db
                     ),
-                    None,
+                    -1,
                 )
-                email_col = next((c for c in columns if "email" in c.lower()), None)
+                is_selected = tbl_idx == cursor_pos
 
-                if user_col or email_col:
-                    # Show first 5 credentials
-                    table = Table(
-                        show_header=True,
-                        header_style="bold red",
-                        box=None,
-                        padding=(0, 2),
-                    )
-                    if user_col:
-                        table.add_column("Username", style="yellow")
-                    if email_col and email_col != user_col:
-                        table.add_column("Email", style="cyan")
-                    if pass_col:
-                        table.add_column("Password/Hash", style="red")
-
-                    for row in rows[:5]:
-                        row_data = []
-                        if user_col:
-                            val = str(row.get(user_col, ""))[:30]
-                            row_data.append(
-                                val
-                                if val and val not in ["<blank>", "None", "NULL"]
-                                else "-"
-                            )
-                        if email_col and email_col != user_col:
-                            val = str(row.get(email_col, ""))[:35]
-                            row_data.append(val if val else "-")
-                        if pass_col:
-                            val = str(row.get(pass_col, ""))[:40]
-                            row_data.append(val if val else "-")
-                        if row_data:
-                            table.add_row(*row_data)
+                # Cursor indicator
+                cursor = "▶" if is_selected else ""
 
-                    console.print(table)
+                # Check if this table has been dumped
+                dumped_key = next((k for k in all_dumped.keys() if tbl in k), None)
+                has_data = dumped_key is not None
 
-                    if len(rows) > 5:
-                        click.echo(f"    ... and {len(rows) - 5} more credentials")
-                    click.echo()
-                break  # Only show first credential table in preview
+                # Determine category
+                tbl_lower = tbl.lower()
+                if any(
+                    x in tbl_lower
+                    for x in ["user", "account", "login", "credential", "password"]
+                ):
+                    category = "🔑 Creds"
+                elif any(x in tbl_lower for x in ["card", "payment", "credit"]):
+                    category = "💳 Cards"
+                elif any(
+                    x in tbl_lower
+                    for x in ["address", "personal", "customer", "profile"]
+                ):
+                    category = "👤 PII"
+                else:
+                    category = ""
+
+                col_count = len(cols) if cols else 0
+
+                if has_data:
+                    row_count = all_dumped[dumped_key].get(
+                        "row_count", len(all_dumped[dumped_key].get("rows", []))
+                    )
+                    if is_selected:
+                        table.add_row(
+                            f"[bold yellow]{cursor}[/bold yellow]",
+                            "[bold yellow]○[/bold yellow]",
+                            f"[bold yellow]{tbl}[/bold yellow]",
+                            f"[bold yellow]{col_count}[/bold yellow]",
+                            f"[bold yellow]✓ {row_count}[/bold yellow]",
+                            f"[bold yellow]{category}[/bold yellow]",
+                        )
+                    else:
+                        table.add_row(
+                            cursor,
+                            "○",
+                            f"[green bold]{tbl}[/green bold]",
+                            str(col_count),
+                            f"[green]✓ {row_count}[/green]",
+                            category,
+                        )
+                else:
+                    if is_selected:
+                        table.add_row(
+                            f"[bold yellow]{cursor}[/bold yellow]",
+                            "[bold yellow]○[/bold yellow]",
+                            f"[bold yellow]{tbl}[/bold yellow]",
+                            f"[bold yellow]{col_count}[/bold yellow]",
+                            "[bold yellow]-[/bold yellow]",
+                            f"[bold yellow]{category}[/bold yellow]",
+                        )
+                    else:
+                        table.add_row(
+                            cursor,
+                            "○",
+                            tbl,
+                            str(col_count),
+                            "[dim]-[/dim]",
+                            category,
+                        )
+
+            console.print(table)
 
-    # Show card preview if available
-    if has_cards:
-        click.echo(click.style("  💳 PAYMENT DATA PREVIEW", bold=True, fg="red"))
         click.echo()
 
-        for table_key, data in all_dumped.items():
-            if any(x in table_key.lower() for x in ["card", "payment", "credit"]):
-                rows = data.get("rows", [])
-                columns = data.get("columns", [])
 
-                # Find card columns
-                name_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(x in c.lower() for x in ["name", "holder", "fullname"])
-                    ),
-                    None,
-                )
-                card_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(
-                            x in c.lower()
-                            for x in ["cardnum", "card_number", "ccnumber", "number"]
-                        )
-                    ),
-                    None,
-                )
-                exp_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(x in c.lower() for x in ["exp", "expir"])
-                    ),
-                    None,
-                )
+def _sqli_detail_overview(
+    inj, all_databases, all_tables, all_columns, db_to_dbms, all_dumped, console
+):
+    """Show overview of SQLi exploitation results with database structure."""
+    from rich.table import Table
 
-                table = Table(
-                    show_header=True, header_style="bold red", box=None, padding=(0, 2)
-                )
-                if name_col:
-                    table.add_column("Cardholder", style="yellow")
-                if card_col:
-                    table.add_column("Card Number", style="red")
-                if exp_col:
-                    table.add_column("Expiry", style="cyan")
-
-                for row in rows[:5]:
-                    row_data = []
-                    if name_col:
-                        row_data.append(str(row.get(name_col, "-"))[:25])
-                    if card_col:
-                        row_data.append(str(row.get(card_col, "-")))
-                    if exp_col:
-                        row_data.append(str(row.get(exp_col, "-")))
-                    if row_data:
-                        table.add_row(*row_data)
+    # Count extracted data by category
+    cred_count = 0
+    card_count = 0
+    pii_count = 0
+
+    for key, data in all_dumped.items():
+        row_count = data.get("row_count", len(data.get("rows", [])))
+        key_lower = key.lower()
+        if any(x in key_lower for x in ["user", "account", "login", "credential"]):
+            cred_count += row_count
+        elif any(x in key_lower for x in ["card", "payment", "credit"]):
+            card_count += row_count
+        elif any(
+            x in key_lower for x in ["address", "personal", "customer", "profile"]
+        ):
+            pii_count += row_count
+
+    # Summary alert if data extracted
+    if cred_count > 0 or card_count > 0 or pii_count > 0:
+        alerts = []
+        if cred_count > 0:
+            alerts.append(f"🔑 {cred_count} credentials")
+        if card_count > 0:
+            alerts.append(f"💳 {card_count} cards")
+        if pii_count > 0:
+            alerts.append(f"👤 {pii_count} PII records")
+        click.echo(
+            click.style("  ⚠️  EXTRACTED: ", fg="red", bold=True)
+            + click.style("  |  ".join(alerts), fg="red")
+        )
+        click.echo()
 
-                console.print(table)
+    # Database structure
+    if not all_databases and not all_tables:
+        click.echo("  No database structure discovered yet.")
+        click.echo("  💡 Run SQLMap with --tables to enumerate tables.")
+        return
 
-                if len(rows) > 5:
-                    click.echo(f"    ... and {len(rows) - 5} more cards")
-                click.echo()
-                break
+    # Show database structure with Rich table (like Host Management)
+    for db in sorted(all_databases) if all_databases else list(all_tables.keys()):
+        dbms_type = db_to_dbms.get(db, "SQLite")
+        tables = all_tables.get(db, set())
 
-    # Show PII/address preview if available
-    if has_pii:
-        click.echo(click.style("  👤 PERSONAL DATA PREVIEW", bold=True, fg="yellow"))
+        click.echo(f"  {click.style('📂 ' + db, bold=True, fg='cyan')} ({dbms_type})")
         click.echo()
 
-        for table_key, data in all_dumped.items():
-            if any(
-                x in table_key.lower()
-                for x in ["address", "personal", "customer", "profile"]
-            ):
-                rows = data.get("rows", [])
-                columns = data.get("columns", [])
+        if tables:
+            # Create Rich table like Host Management
+            table = Table(
+                show_header=True,
+                header_style="bold cyan",
+                box=DesignSystem.TABLE_BOX,
+                padding=(0, 1),
+                expand=True,
+            )
 
-                # Find PII columns
-                name_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(
-                            x in c.lower() for x in ["name", "fullname", "full_name"]
-                        )
-                    ),
-                    None,
-                )
-                city_col = next((c for c in columns if "city" in c.lower()), None)
-                country_col = next((c for c in columns if "country" in c.lower()), None)
-                address_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(x in c.lower() for x in ["address", "street"])
-                    ),
-                    None,
-                )
-                phone_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(x in c.lower() for x in ["phone", "mobile", "tel"])
-                    ),
-                    None,
-                )
-                zip_col = next(
-                    (
-                        c
-                        for c in columns
-                        if any(x in c.lower() for x in ["zip", "postal"])
-                    ),
-                    None,
-                )
+            table.add_column("○", width=5, justify="center", no_wrap=True)
+            table.add_column("Table Name", width=28, no_wrap=True)
+            table.add_column("Cols", width=6, justify="right", no_wrap=True)
+            table.add_column("Rows", width=12, justify="right", no_wrap=True)
+            table.add_column("Type", width=12, no_wrap=True)
 
-                table = Table(
-                    show_header=True,
-                    header_style="bold yellow",
-                    box=None,
-                    padding=(0, 2),
-                )
-                if name_col:
-                    table.add_column("Name", style="yellow")
-                if address_col:
-                    table.add_column("Address", style="white")
-                if city_col:
-                    table.add_column("City", style="cyan")
-                if country_col:
-                    table.add_column("Country", style="cyan")
-                if zip_col:
-                    table.add_column("ZIP", style="dim")
-                if phone_col:
-                    table.add_column("Phone", style="green")
-
-                for row in rows[:5]:
-                    row_data = []
-                    if name_col:
-                        row_data.append(str(row.get(name_col, "-"))[:25])
-                    if address_col:
-                        row_data.append(str(row.get(address_col, "-"))[:30])
-                    if city_col:
-                        row_data.append(str(row.get(city_col, "-"))[:15])
-                    if country_col:
-                        row_data.append(str(row.get(country_col, "-"))[:15])
-                    if zip_col:
-                        row_data.append(str(row.get(zip_col, "-"))[:10])
-                    if phone_col:
-                        row_data.append(str(row.get(phone_col, "-"))[:15])
-                    if row_data:
-                        table.add_row(*row_data)
+            sorted_tables = sorted(tables)
+            for tbl in sorted_tables:
+                table_key = f"{db}.{tbl}"
+                cols = all_columns.get(table_key, set())
 
-                console.print(table)
+                # Check if this table has been dumped
+                dumped_key = next((k for k in all_dumped.keys() if tbl in k), None)
+                has_data = dumped_key is not None
 
-                if len(rows) > 5:
-                    click.echo(f"    ... and {len(rows) - 5} more records")
-                click.echo()
-                break
+                # Determine category
+                tbl_lower = tbl.lower()
+                if any(
+                    x in tbl_lower
+                    for x in ["user", "account", "login", "credential", "password"]
+                ):
+                    category = "🔑 Creds"
+                elif any(x in tbl_lower for x in ["card", "payment", "credit"]):
+                    category = "💳 Cards"
+                elif any(
+                    x in tbl_lower
+                    for x in ["address", "personal", "customer", "profile"]
+                ):
+                    category = "👤 PII"
+                else:
+                    category = ""
+
+                col_count = len(cols) if cols else 0
+
+                if has_data:
+                    row_count = all_dumped[dumped_key].get(
+                        "row_count", len(all_dumped[dumped_key].get("rows", []))
+                    )
+                    table.add_row(
+                        "○",
+                        f"[green bold]{tbl}[/green bold]",
+                        str(col_count),
+                        f"[green]✓ {row_count}[/green]",
+                        category,
+                    )
+                else:
+                    table.add_row(
+                        "○",
+                        tbl,
+                        str(col_count),
+                        "[dim]-[/dim]",
+                        category,
+                    )
+
+            console.print(table)
+
+        click.echo()
 
 
 def _sqli_detail_tables(
     all_databases, all_tables, all_columns, db_to_dbms, all_dumped, console
 ):
     """Show database structure overview."""
-    from rich.text import Text
-    from rich.tree import Tree
+    from rich.table import Table
 
     click.echo(click.style("  📁 DATABASE STRUCTURE", bold=True, fg="cyan"))
     click.echo()
@@ -36270,14 +36903,29 @@ def _sqli_detail_tables(
         click.echo("    💡 Run SQLMap with --tables to enumerate tables.")
         return
 
-    # Build tree structure
     for db in sorted(all_databases) if all_databases else list(all_tables.keys()):
         dbms_type = db_to_dbms.get(db, "SQLite")
         tables = all_tables.get(db, set())
 
         click.echo(f"  {click.style('📂 ' + db, bold=True, fg='cyan')} ({dbms_type})")
+        click.echo()
 
         if tables:
+            # Create Rich table like Host Management
+            table = Table(
+                show_header=True,
+                header_style="bold cyan",
+                box=DesignSystem.TABLE_BOX,
+                padding=(0, 1),
+                expand=True,
+            )
+
+            table.add_column("○", width=5, justify="center", no_wrap=True)
+            table.add_column("Table Name", width=28, no_wrap=True)
+            table.add_column("Cols", width=6, justify="right", no_wrap=True)
+            table.add_column("Rows", width=10, justify="right", no_wrap=True)
+            table.add_column("Type", width=12, no_wrap=True)
+
             sorted_tables = sorted(tables)
             for tbl in sorted_tables:
                 table_key = f"{db}.{tbl}"
@@ -36287,55 +36935,74 @@ def _sqli_detail_tables(
                 dumped_key = next((k for k in all_dumped.keys() if tbl in k), None)
                 has_data = dumped_key is not None
 
-                # Highlight interesting tables
-                is_sensitive = any(
-                    x in tbl.lower()
-                    for x in [
-                        "user",
-                        "account",
-                        "password",
-                        "card",
-                        "payment",
-                        "credential",
-                        "admin",
-                        "secret",
-                    ]
-                )
+                # Determine category
+                tbl_lower = tbl.lower()
+                if any(
+                    x in tbl_lower
+                    for x in ["user", "account", "login", "credential", "password"]
+                ):
+                    category = "🔑 Creds"
+                elif any(x in tbl_lower for x in ["card", "payment", "credit"]):
+                    category = "💳 Cards"
+                elif any(
+                    x in tbl_lower
+                    for x in ["address", "personal", "customer", "profile"]
+                ):
+                    category = "👤 PII"
+                else:
+                    category = ""
+
+                col_count = len(cols) if cols else 0
 
                 if has_data:
                     row_count = all_dumped[dumped_key].get("row_count", 0)
-                    status = click.style(f"✓ {row_count} rows", fg="green")
-                else:
-                    status = click.style("○ not dumped", fg="yellow", dim=True)
-
-                if is_sensitive:
-                    click.echo(
-                        f"    ├─ {click.style(tbl, fg='red', bold=True)} ({len(cols)} cols) {status}"
+                    table.add_row(
+                        "○",
+                        f"[green bold]{tbl}[/green bold]",
+                        str(col_count),
+                        f"[green]✓ {row_count}[/green]",
+                        category,
                     )
                 else:
-                    click.echo(f"    ├─ {tbl} ({len(cols)} cols) {status}")
+                    table.add_row(
+                        "○",
+                        tbl,
+                        str(col_count),
+                        "[dim]-[/dim]",
+                        category,
+                    )
 
-                # Show columns for dumped tables
-                if has_data and cols:
-                    col_list = sorted(cols)[:8]
-                    col_str = ", ".join(col_list)
-                    if len(cols) > 8:
-                        col_str += f" +{len(cols) - 8} more"
-                    click.echo(f"    │   └─ {click.style(col_str, dim=True)}")
+            console.print(table)
 
         click.echo()
 
 
-def _sqli_detail_data_table(table_key: str, data: dict, console, width: int):
-    """Show full data for a specific table."""
+def _sqli_detail_data_table(
+    table_key: str,
+    data: dict,
+    console,
+    width: int,
+    page: int = 1,
+    page_size: int = 20,
+    view_all: bool = False,
+):
+    """Show full data for a specific table with pagination."""
     from rich.table import Table
 
     rows = data.get("rows", [])
     columns = data.get("columns", [])
     row_count = data.get("row_count", len(rows))
+    total_pages = (len(rows) + page_size - 1) // page_size if not view_all else 1
 
     click.echo(click.style(f"  📋 TABLE: {table_key}", bold=True, fg="green"))
-    click.echo(f"     {row_count} records  |  {len(columns)} columns")
+    if view_all:
+        click.echo(
+            f"     {row_count} records  |  {len(columns)} columns  |  Showing ALL"
+        )
+    else:
+        click.echo(
+            f"     {row_count} records  |  {len(columns)} columns  |  Page {page}/{total_pages}"
+        )
     click.echo()
 
     if not rows:
@@ -36398,8 +37065,14 @@ def _sqli_detail_data_table(table_key: str, data: dict, console, width: int):
         else:
             table.add_column(col, max_width=col_width, overflow="ellipsis")
 
-    # Add rows (limit to 20 for display)
-    display_rows = rows[:20]
+    # Add rows with pagination
+    if view_all:
+        display_rows = rows
+    else:
+        start_idx = (page - 1) * page_size
+        end_idx = start_idx + page_size
+        display_rows = rows[start_idx:end_idx]
+
     for row in display_rows:
         row_data = []
         for col in display_cols:
@@ -36412,9 +37085,11 @@ def _sqli_detail_data_table(table_key: str, data: dict, console, width: int):
 
     console.print(table)
 
-    if len(rows) > 20:
+    if not view_all and len(rows) > page_size:
+        start_idx = (page - 1) * page_size
+        end_idx = min(start_idx + page_size, len(rows))
         click.echo()
-        click.echo(f"    ... showing 20 of {len(rows)} rows")
+        click.echo(f"    Showing rows {start_idx + 1}-{end_idx} of {len(rows)}")
 
     # Show hidden columns
     if len(columns) > max_cols:
@@ -40337,6 +41012,30 @@ def _launch_interactive_msfconsole(engagement_id: int):
         rc_path = rc.name
 
     try:
+        # Auto-copy database.yml to /root/.msf4/ if needed
+        # When msfdb init runs as normal user, config is in ~/.msf4/
+        # But sudo msfconsole looks in /root/.msf4/, so we need to copy it
+        from pathlib import Path
+
+        user_db = Path.home() / ".msf4" / "database.yml"
+        root_db = Path("/root/.msf4/database.yml")
+        if user_db.exists():
+            # Check if root's config exists (use sudo to check)
+            check_result = subprocess.run(
+                ["sudo", "test", "-f", str(root_db)], capture_output=True
+            )
+            if check_result.returncode != 0:
+                # Root's config doesn't exist, copy it
+                click.echo(
+                    click.style("  Configuring database for sudo access...", fg="cyan")
+                )
+                subprocess.run(
+                    ["sudo", "mkdir", "-p", "/root/.msf4"], capture_output=True
+                )
+                subprocess.run(
+                    ["sudo", "cp", str(user_db), str(root_db)], capture_output=True
+                )
+
         click.pause("Press Enter to launch msfconsole...")
 
         # Launch msfconsole with our resource script
@@ -40490,18 +41189,27 @@ def _ensure_msf_database_ready():
                 click.style("  MSF database needs initialization...", fg="yellow")
             )
 
-            # Initialize msfdb
+            # Initialize msfdb - distro-aware (Kali needs sudo, Ubuntu doesn't)
+            from souleyez.utils.tool_checker import detect_distro
+
+            distro = detect_distro()
+            use_sudo = distro in ("kali", "parrot")
+
             click.echo("  Running msfdb init (this may take a moment)...")
+            msfdb_cmd = ["sudo", "msfdb", "init"] if use_sudo else ["msfdb", "init"]
             result = subprocess.run(
-                ["sudo", "msfdb", "init"], capture_output=True, text=True, timeout=120
+                msfdb_cmd, capture_output=True, text=True, timeout=120
             )
             if result.returncode == 0:
                 click.echo(click.style("  ✓ MSF database initialized", fg="green"))
             else:
                 # Try msfdb reinit if init fails
                 click.echo(click.style("  Init failed, trying reinit...", fg="yellow"))
+                msfdb_reinit_cmd = (
+                    ["sudo", "msfdb", "reinit"] if use_sudo else ["msfdb", "reinit"]
+                )
                 result = subprocess.run(
-                    ["sudo", "msfdb", "reinit"],
+                    msfdb_reinit_cmd,
                     capture_output=True,
                     text=True,
                     timeout=120,
@@ -40740,7 +41448,14 @@ def _guided_msf_setup():
         click.echo()
         click.echo("  Please run these commands manually:")
         click.echo(click.style("    sudo systemctl start postgresql", fg="cyan"))
-        click.echo(click.style("    sudo msfdb init", fg="cyan"))
+        # Show distro-appropriate msfdb command
+        from souleyez.utils.tool_checker import detect_distro
+
+        distro = detect_distro()
+        if distro in ("kali", "parrot"):
+            click.echo(click.style("    sudo msfdb init", fg="cyan"))
+        else:
+            click.echo(click.style("    msfdb init", fg="cyan"))
         click.echo()
         if not click.confirm("  Continue anyway?", default=False):
             click.pause()
@@ -43405,15 +44120,22 @@ def _check_msfdb_ready() -> bool:
             "  Without it, you won't be able to store hosts, credentials, or loot."
         )
         click.echo()
+
+        # Distro-aware msfdb init (Kali needs sudo, Ubuntu doesn't)
+        from souleyez.utils.tool_checker import detect_distro
+
+        distro = detect_distro()
+        use_sudo = distro in ("kali", "parrot")
+        msfdb_cmd_str = "sudo msfdb init" if use_sudo else "msfdb init"
+        msfdb_cmd = ["sudo", "msfdb", "init"] if use_sudo else ["msfdb", "init"]
+
         if click.confirm(
-            "  Initialize database now? (runs: sudo msfdb init)", default=True
+            f"  Initialize database now? (runs: {msfdb_cmd_str})", default=True
         ):
             click.echo()
-            click.echo(click.style("  Running sudo msfdb init...", fg="cyan"))
+            click.echo(click.style(f"  Running {msfdb_cmd_str}...", fg="cyan"))
             try:
-                result = subprocess.run(
-                    ["sudo", "msfdb", "init"], capture_output=False, text=True
-                )
+                result = subprocess.run(msfdb_cmd, capture_output=False, text=True)
                 if result.returncode == 0:
                     click.echo(
                         click.style("  Database initialized successfully!", fg="green")