sqlmap-ai 2.0.5__tar.gz → 2.0.8__tar.gz

sqlmap_ai-2.0.8/PKG-INFO

@@ -0,0 +1,157 @@
+Metadata-Version: 2.4
+Name: sqlmap-ai
+Version: 2.0.8
+Summary: AI-powered SQL injection testing tool with multiple AI providers
+Home-page: https://github.com/atiilla/sqlmap-ai
+Author: Atilla
+Author-email: Atilla <attilla@tuta.io>
+Maintainer-email: Atilla <attilla@tuta.io>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/atiilla/sqlmap-ai
+Project-URL: Documentation, https://github.com/atiilla/sqlmap-ai#readme
+Project-URL: Repository, https://github.com/atiilla/sqlmap-ai.git
+Project-URL: Issues, https://github.com/atiilla/sqlmap-ai/issues
+Keywords: sqlmap,sql-injection,security,ai,penetration-testing,cybersecurity
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: groq>=0.4.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: openai>=1.3.0
+Requires-Dist: anthropic>=0.8.0
+Requires-Dist: pyyaml>=6.0.1
+Requires-Dist: rich>=13.0.0
+Requires-Dist: jinja2>=3.1.2
+Requires-Dist: cryptography>=3.4.0
+Requires-Dist: colorama>=0.4.6
+Requires-Dist: waitress>=2.1.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: flake8>=6.0.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Provides-Extra: local-llm
+Requires-Dist: transformers>=4.35.0; extra == "local-llm"
+Requires-Dist: torch>=2.1.0; extra == "local-llm"
+Provides-Extra: reporting
+Requires-Dist: plotly>=5.0.0; extra == "reporting"
+Requires-Dist: pandas>=2.0.0; extra == "reporting"
+Provides-Extra: all
+Requires-Dist: pytest>=7.0.0; extra == "all"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "all"
+Requires-Dist: black>=23.0.0; extra == "all"
+Requires-Dist: flake8>=6.0.0; extra == "all"
+Requires-Dist: mypy>=1.0.0; extra == "all"
+Requires-Dist: transformers>=4.35.0; extra == "all"
+Requires-Dist: torch>=2.1.0; extra == "all"
+Requires-Dist: plotly>=5.0.0; extra == "all"
+Requires-Dist: pandas>=2.0.0; extra == "all"
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# SQLMap AI Assistant
+
+An AI-powered wrapper around SQLMap that makes SQL injection testing more accessible and automated.
+
+## Features
+
+### Core Features
+- **AI-Assisted Testing** - Intelligent vulnerability analysis and recommendations
+- **Adaptive Testing** - Step-by-step testing that adapts to target responses
+- **Enhanced HTML Reports** - Beautiful, detailed reports with vulnerability details
+- **Parameter Targeting** - Test specific parameters with `-p` option (like original SQLMap)
+- **WAF Bypass** - Automatic tamper script selection for firewall evasion
+- **Database Enumeration** - Complete database, table, and column discovery
+- **Request File Support** - Test from Burp Suite, ZAP, or browser captures
+
+### AI Providers
+- **Groq** - Fastest AI analysis (recommended)
+- **DeepSeek** - Affordable and capable analysis
+- **OpenAI** - GPT-4 powered analysis
+- **Anthropic Claude** - Advanced reasoning
+- **Ollama** - Local, private AI (no cloud required)
+
+### New in v2.0.6
+- [x] **Private Network Scanning** - Local/private IP targets now allowed by default
+- [x] **Configurable Network Policy** - New `allow_private_networks` security setting
+- [x] **Improved Test Coverage** - Added dedicated tests for private network validation
+
+> See the full [Changelog](docs/CHANGELOG.md) for previous versions.
+
+<img src="sqlmap.gif"/>
+
+## Quick Start
+
+**1. Install SQLMap:**
+```bash
+sudo apt install sqlmap    # Debian/Ubuntu/Kali
+brew install sqlmap         # macOS
+```
+
+**2. Install SQLMap AI:**
+```bash
+pip install sqlmap-ai
+sqlmap-ai --install-check
+```
+
+**3. Set an API key** in your `.env` file (e.g., Groq - free & fastest):
+```bash
+GROQ_API_KEY=your_groq_api_key_here
+```
+
+**4. Run:**
+```bash
+sqlmap-ai -u "http://example.com/page.php?id=1"
+```
+
+> See the full [Installation Guide](docs/INSTALLATION.md) for all providers and options.
+
+## Documentation
+
+| Guide | Description |
+|-------|-------------|
+| [Installation](docs/INSTALLATION.md) | Prerequisites, setup, AI provider configuration |
+| [Usage](docs/USAGE.md) | Examples, testing modes, request files, workflows |
+| [Configuration](docs/CONFIGURATION.md) | `.env`, `config.yaml`, command-line reference |
+| [Troubleshooting](docs/TROUBLESHOOTING.md) | Common issues and getting help |
+| [Changelog](docs/CHANGELOG.md) | Version history |
+
+## Requirements
+
+- Python 3.8+
+- SQLMap (must be installed globally on your system)
+  - Kali/Debian/Ubuntu: `sudo apt install sqlmap`
+  - macOS: `brew install sqlmap`
+  - From source: [github.com/sqlmapproject/sqlmap](https://github.com/sqlmapproject/sqlmap)
+- Internet connection (for cloud AI providers)
+- 2GB+ RAM (for Ollama local models)
+
+## License
+
+This project is licensed under the MIT License.
+
+## Disclaimer
+
+This tool is intended for educational and ethical hacking purposes only. Always obtain permission before testing any system or application. The developers are not responsible for any misuse or damage caused by this tool.
+
+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=atiilla/sqlmap-ai&type=Date)](https://www.star-history.com/#atiilla/sqlmap-ai&Date)

sqlmap_ai-2.0.8/README.md

@@ -0,0 +1,88 @@
+# SQLMap AI Assistant
+
+An AI-powered wrapper around SQLMap that makes SQL injection testing more accessible and automated.
+
+## Features
+
+### Core Features
+- **AI-Assisted Testing** - Intelligent vulnerability analysis and recommendations
+- **Adaptive Testing** - Step-by-step testing that adapts to target responses
+- **Enhanced HTML Reports** - Beautiful, detailed reports with vulnerability details
+- **Parameter Targeting** - Test specific parameters with `-p` option (like original SQLMap)
+- **WAF Bypass** - Automatic tamper script selection for firewall evasion
+- **Database Enumeration** - Complete database, table, and column discovery
+- **Request File Support** - Test from Burp Suite, ZAP, or browser captures
+
+### AI Providers
+- **Groq** - Fastest AI analysis (recommended)
+- **DeepSeek** - Affordable and capable analysis
+- **OpenAI** - GPT-4 powered analysis
+- **Anthropic Claude** - Advanced reasoning
+- **Ollama** - Local, private AI (no cloud required)
+
+### New in v2.0.6
+- [x] **Private Network Scanning** - Local/private IP targets now allowed by default
+- [x] **Configurable Network Policy** - New `allow_private_networks` security setting
+- [x] **Improved Test Coverage** - Added dedicated tests for private network validation
+
+> See the full [Changelog](docs/CHANGELOG.md) for previous versions.
+
+<img src="sqlmap.gif"/>
+
+## Quick Start
+
+**1. Install SQLMap:**
+```bash
+sudo apt install sqlmap    # Debian/Ubuntu/Kali
+brew install sqlmap         # macOS
+```
+
+**2. Install SQLMap AI:**
+```bash
+pip install sqlmap-ai
+sqlmap-ai --install-check
+```
+
+**3. Set an API key** in your `.env` file (e.g., Groq - free & fastest):
+```bash
+GROQ_API_KEY=your_groq_api_key_here
+```
+
+**4. Run:**
+```bash
+sqlmap-ai -u "http://example.com/page.php?id=1"
+```
+
+> See the full [Installation Guide](docs/INSTALLATION.md) for all providers and options.
+
+## Documentation
+
+| Guide | Description |
+|-------|-------------|
+| [Installation](docs/INSTALLATION.md) | Prerequisites, setup, AI provider configuration |
+| [Usage](docs/USAGE.md) | Examples, testing modes, request files, workflows |
+| [Configuration](docs/CONFIGURATION.md) | `.env`, `config.yaml`, command-line reference |
+| [Troubleshooting](docs/TROUBLESHOOTING.md) | Common issues and getting help |
+| [Changelog](docs/CHANGELOG.md) | Version history |
+
+## Requirements
+
+- Python 3.8+
+- SQLMap (must be installed globally on your system)
+  - Kali/Debian/Ubuntu: `sudo apt install sqlmap`
+  - macOS: `brew install sqlmap`
+  - From source: [github.com/sqlmapproject/sqlmap](https://github.com/sqlmapproject/sqlmap)
+- Internet connection (for cloud AI providers)
+- 2GB+ RAM (for Ollama local models)
+
+## License
+
+This project is licensed under the MIT License.
+
+## Disclaimer
+
+This tool is intended for educational and ethical hacking purposes only. Always obtain permission before testing any system or application. The developers are not responsible for any misuse or damage caused by this tool.
+
+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=atiilla/sqlmap-ai&type=Date)](https://www.star-history.com/#atiilla/sqlmap-ai&Date)

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "sqlmap-ai"
-version = "2.0.5"
+version = "2.0.8"
 description = "AI-powered SQL injection testing tool with multiple AI providers"
 readme = "README.md"
 license = "MIT"
@@ -43,6 +43,7 @@ dependencies = [
     "jinja2>=3.1.2",
     "cryptography>=3.4.0",
     "colorama>=0.4.6",
+    "waitress>=2.1.0",
 ]
 
 [project.optional-dependencies]

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/setup.cfg

@@ -1,4 +1,4 @@
-[egg_info]
-tag_build = 
-tag_date = 0
-
+[egg_info]
+tag_build = 
+tag_date = 0
+

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/setup.py

@@ -1,8 +1,4 @@
 #!/usr/bin/env python3
-"""
-Setup script for SQLMap AI
-Provides backward compatibility and additional installation features
-"""
 
 import os
 import sys
@@ -19,7 +15,7 @@ def read_readme():
 
 # Read requirements from pyproject.toml
 def get_requirements():
-    """Get requirements from pyproject.toml"""
+    
     try:
         import tomllib
     except ImportError:
@@ -33,7 +29,7 @@ def get_requirements():
     return []
 
 def install_sqlmap():
-    """Install SQLMap if not already installed"""
+    
     try:
         # Check if sqlmap is already installed
         result = subprocess.run(
@@ -43,7 +39,7 @@ def install_sqlmap():
             timeout=10
         )
         if result.returncode == 0:
-            print("✅ SQLMap is already installed")
+            print("✓ SQLMap is already installed")
             return True
     except (subprocess.TimeoutExpired, FileNotFoundError, subprocess.SubprocessError):
         pass
@@ -56,19 +52,19 @@ def install_sqlmap():
             capture_output=True,
             text=True
         )
-        print("✅ SQLMap installed successfully")
+        print("✓ SQLMap installed successfully")
         return True
     except subprocess.CalledProcessError as e:
-        print(f"❌ Failed to install SQLMap: {e}")
+        print(f"X Failed to install SQLMap: {e}")
         print("Please install SQLMap manually: pip install sqlmap")
         return False
 
 def create_env_template():
-    """Create .env template if it doesn't exist"""
+    
     # Use current working directory instead of project root
     env_file = Path.cwd() / ".env"
     if env_file.exists():
-        print("✅ .env file already exists")
+        print("✓ .env file already exists")
         return True
     
     print("📝 Creating .env template...")
@@ -108,15 +104,15 @@ DEFAULT_TIMEOUT=300
     try:
         with open(env_file, 'w') as f:
             f.write(env_content)
-        print("✅ .env template created")
+        print("✓ .env template created")
         print("  Please edit .env file and add your API keys")
         return True
     except Exception as e:
-        print(f"❌ Failed to create .env template: {e}")
+        print(f"X Failed to create .env template: {e}")
         return False
 
 def setup_directories():
-    """Create necessary directories"""
+    
     print("📁 Setting up directories...")
     
     directories = [
@@ -128,15 +124,15 @@ def setup_directories():
     try:
         for directory in directories:
             directory.mkdir(exist_ok=True)
-        print("✅ Directories created")
+        print("✓ Directories created")
         return True
     except Exception as e:
-        print(f"❌ Failed to create directories: {e}")
+        print(f"X Failed to create directories: {e}")
         return False
 
 def run_post_install():
-    """Run post-installation tasks"""
-    print("\n🚀 Running post-installation tasks...")
+    
+    print("\nRunning post-installation tasks...")
     
     success = True
     
@@ -153,13 +149,13 @@ def run_post_install():
         success = False
     
     if success:
-        print("\n🎉 Installation completed successfully!")
+        print("\nInstallation completed successfully!")
         print("\nNext steps:")
         print("1. Edit .env file and add your API keys")
         print("2. Run: sqlmap-ai --config-wizard")
         print("3. Run: sqlmap-ai --help")
     else:
-        print("\n⚠️  Installation completed with issues")
+        print("\n⚠️ Installation completed with issues")
         print("Please resolve the issues above before using SQLMap AI")
     
     return success
@@ -171,12 +167,12 @@ if __name__ == "__main__":
         # Run setup first
         setup(
             name="sqlmap-ai",
-            version="2.0.0",
+            version="2.0.7",
             description="AI-powered SQL injection testing tool with multiple AI providers",
             long_description=read_readme(),
             long_description_content_type="text/markdown",
             author="Atilla",
-            author_email="atiilla@example.com",
+            author_email="attilla@tuta.io",
             url="https://github.com/atiilla/sqlmap-ai",
             packages=find_packages(include=["sqlmap_ai*", "utils*"]),
             include_package_data=True,
@@ -239,7 +235,7 @@ if __name__ == "__main__":
             long_description=read_readme(),
             long_description_content_type="text/markdown",
             author="Atilla",
-            author_email="atiilla@example.com",
+            author_email="attilla@tuta.io",
             url="https://github.com/atiilla/sqlmap-ai",
             packages=find_packages(include=["sqlmap_ai*", "utils*"]),
             include_package_data=True,

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/sqlmap_ai/__init__.py

@@ -1,10 +1,6 @@
-"""
-SQLMap AI - AI-powered SQL injection testing tool
-"""
-
-__version__ = "2.0.0"
+__version__ = "2.0.8"
 __author__ = "Atilla"
-__email__ = "atiilla@example.com"
+__email__ = "atilla@tuta.io"
 __description__ = "AI-powered SQL injection testing tool with multiple AI providers"
 
 # Import main components

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/sqlmap_ai/adaptive_testing.py

@@ -24,7 +24,7 @@ class AdaptiveTestingEngine:
         self.test_parameter = test_parameter  # Specific parameter(s) to test
 
     def _add_param_option(self, options: List[str]) -> List[str]:
-        """Add -p parameter option if specified"""
+        
         if self.test_parameter:
             options.append(f"-p {self.test_parameter}")
         return options

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/sqlmap_ai/advanced_reporting.py

@@ -1,8 +1,3 @@
-"""
-Advanced reporting system with HTML, PDF, and interactive visualizations.
-Provides comprehensive vulnerability analysis and remediation guidance.
-"""
-
 import json
 import time
 import os
@@ -36,7 +31,7 @@ except ImportError:
 
 @dataclass
 class VulnerabilityDetails:
-    """Detailed vulnerability information"""
+    
     parameter: str
     injection_type: str
     payload: str
@@ -50,7 +45,7 @@ class VulnerabilityDetails:
 
 @dataclass
 class ScanStatistics:
-    """Scan performance and statistics"""
+    
     total_requests: int
     successful_injections: int
     false_positives: int
@@ -62,7 +57,7 @@ class ScanStatistics:
 
 @dataclass
 class RemediationGuidance:
-    """Remediation recommendations"""
+    
     immediate_actions: List[str]
     long_term_fixes: List[str]
     secure_coding_practices: List[str]
@@ -71,7 +66,7 @@ class RemediationGuidance:
 
 
 class VulnerabilityAssessment:
-    """Vulnerability risk assessment engine"""
+    
     
     def __init__(self):
         self.risk_factors = {
@@ -106,7 +101,7 @@ class VulnerabilityAssessment:
         }
     
     def assess_vulnerability(self, vuln_data: Dict[str, Any]) -> VulnerabilityDetails:
-        """Assess vulnerability risk and impact"""
+        
         
         # Determine injection type
         injection_type = self._determine_injection_type(vuln_data)
@@ -134,7 +129,7 @@ class VulnerabilityAssessment:
         )
     
     def _determine_injection_type(self, vuln_data: Dict[str, Any]) -> str:
-        """Determine the type of SQL injection"""
+        
         techniques = vuln_data.get('techniques', [])
         
         if 'time-based blind' in str(techniques).lower():
@@ -151,7 +146,7 @@ class VulnerabilityAssessment:
             return "Generic SQL Injection"
     
     def _calculate_risk_score(self, vuln_data: Dict[str, Any]) -> int:
-        """Calculate numerical risk score"""
+        
         base_score = 60  # Base vulnerability score
         
         # Database privileges factor
@@ -180,7 +175,7 @@ class VulnerabilityAssessment:
         return min(base_score, 100)
     
     def _get_risk_level(self, score: int) -> str:
-        """Convert risk score to risk level"""
+        
         if score >= 90:
             return "CRITICAL"
         elif score >= 70:
@@ -193,7 +188,7 @@ class VulnerabilityAssessment:
             return "INFO"
     
     def _assess_exploitation_complexity(self, vuln_data: Dict[str, Any]) -> str:
-        """Assess how difficult the vulnerability is to exploit"""
+        
         factors = 0
         
         # WAF presence increases complexity
@@ -226,7 +221,7 @@ class VulnerabilityAssessment:
             return "Trivial"
     
     def _calculate_remediation_priority(self, risk_score: int, complexity: str) -> str:
-        """Calculate remediation priority"""
+        
         if risk_score >= 90:
             return "IMMEDIATE"
         elif risk_score >= 70:
@@ -240,7 +235,7 @@ class VulnerabilityAssessment:
 
 
 class AdvancedReportGenerator:
-    """Advanced report generator with multiple output formats"""
+    
     
     def __init__(self):
         self.vulnerability_assessor = VulnerabilityAssessment()
@@ -249,7 +244,7 @@ class AdvancedReportGenerator:
         self._create_templates()
     
     def _create_templates(self):
-        """Create HTML templates for reports"""
+        
         if not HAS_JINJA2:
             return
         
@@ -395,7 +390,7 @@ class AdvancedReportGenerator:
         output_format: str = "html",
         output_path: Optional[str] = None
     ) -> str:
-        """Generate comprehensive vulnerability report"""
+        
         
         # Process scan data
         vulnerabilities = self._process_vulnerabilities(scan_data)
@@ -411,7 +406,7 @@ class AdvancedReportGenerator:
             )
     
     def _process_vulnerabilities(self, scan_data: Dict[str, Any]) -> List[VulnerabilityDetails]:
-        """Process scan data to extract vulnerability details"""
+        
         vulnerabilities = []
         
         scan_history = scan_data.get('scan_history', [])
@@ -441,7 +436,7 @@ class AdvancedReportGenerator:
         scan_data: Dict[str, Any], 
         vulnerabilities: List[VulnerabilityDetails]
     ) -> Dict[str, Any]:
-        """Generate scan summary statistics"""
+        
         
         # Calculate overall risk
         if vulnerabilities:
@@ -482,7 +477,7 @@ class AdvancedReportGenerator:
         }
     
     def _generate_remediation_guidance(self, vulnerabilities: List[VulnerabilityDetails]) -> RemediationGuidance:
-        """Generate comprehensive remediation guidance"""
+        
         
         immediate_actions = [
             "Immediately patch or disable vulnerable endpoints",
@@ -542,7 +537,7 @@ class AdvancedReportGenerator:
         remediation: RemediationGuidance,
         output_path: Optional[str] = None
     ) -> str:
-        """Generate HTML report"""
+        
         
         if not HAS_JINJA2:
             return self._generate_simple_html_report(scan_data, vulnerabilities, scan_summary)
@@ -587,7 +582,7 @@ class AdvancedReportGenerator:
         vulnerabilities: List[VulnerabilityDetails],
         scan_summary: Dict[str, Any]
     ) -> str:
-        """Generate simple HTML report without Jinja2"""
+        
         
         html_content = f"""
         <!DOCTYPE html>
@@ -653,7 +648,7 @@ class AdvancedReportGenerator:
         remediation: RemediationGuidance,
         output_path: Optional[str] = None
     ) -> str:
-        """Generate JSON report"""
+        
         
         report_data = {
             "metadata": {
@@ -684,7 +679,7 @@ class AdvancedReportGenerator:
 
     
     def _generate_timeline_chart(self, scan_history: List[Dict[str, Any]]) -> str:
-        """Generate timeline chart of scan steps"""
+        
         
         if not HAS_PLOTLY:
             return ""

{sqlmap_ai-2.0.5 → sqlmap_ai-2.0.8}/sqlmap_ai/ai_analyzer.py

@@ -172,7 +172,7 @@ def ai_suggest_next_steps(report, scan_history=None, extracted_data=None, ai_pro
     return valid_options
 
 def create_simple_prompt(report, structured_info, scan_history=None, extracted_data=None):
-    """Create a simpler prompt for Ollama to avoid timeouts"""
+    
     prompt = """
     You are a SQLMap expert. Analyze this SQL injection scan result and suggest the next steps.