Add adaptive timeout settings and optimize scan options to prevent timeouts

Author: atiilla

config.yaml

@@ -69,6 +69,13 @@ sqlmap:
   max_risk: 2
   max_threads: 20
   max_timeout: 600
+  timeout_settings:
+    initial_scan: 120
+    follow_up_scan: 300
+    data_extraction: 240
+    complex_scan: 480
+    adaptive_multiplier: 2.0
+    max_adaptive_timeout: 600
 ui:
   confirm_dangerous_operations: true
   enable_colors: true

sqlmap_ai/ai_analyzer.py

@@ -77,11 +77,36 @@ def ai_suggest_next_steps(report, scan_history=None, extracted_data=None):
     if any(opt.startswith('--data=') for opt in options) and "json" in ' '.join(options).lower() and not any(opt == '--json' for opt in options):
         options.append("--json")
 
-    # Filter out options that might cause issues
+    # Filter out options that might cause issues and optimize for timeout prevention
     valid_options = []
+    has_timeout_risk = False
+    
     for opt in options:
-        if not opt.startswith('-d ') and not opt == '-d' and not opt == '--dump-all':
-            valid_options.append(opt)
+        # Skip potentially problematic options
+        if opt.startswith('-d ') or opt == '-d' or opt == '--dump-all':
+            continue
+            
+        # Check for high-complexity options that might cause timeouts
+        if any(high_risk in opt for high_risk in ['--level=4', '--level=5', '--risk=4', '--risk=5', '--dump-all']):
+            has_timeout_risk = True
+            
+        valid_options.append(opt)
+    
+    # If we have timeout risk, suggest a more conservative approach
+    if has_timeout_risk:
+        print_warning("High-complexity options detected. Consider using more conservative settings to avoid timeouts.")
+        # Replace high-risk options with safer alternatives
+        safer_options = []
+        for opt in valid_options:
+            if opt == '--level=4' or opt == '--level=5':
+                safer_options.append('--level=3')
+            elif opt == '--risk=4' or opt == '--risk=5':
+                safer_options.append('--risk=2')
+            elif opt == '--dump-all':
+                safer_options.append('--tables')  # Start with table enumeration instead
+            else:
+                safer_options.append(opt)
+        valid_options = safer_options
 
     if not valid_options and structured_info.get("dbms", "").lower() == "sqlite":
         print_info("Using SQLite-specific options as fallback")
@@ -109,6 +134,13 @@ def create_advanced_prompt(report, structured_info, scan_history=None, extracted
     Look at the scan report, previous steps, and any data extracted to decide the most effective next steps.
     Analyze what has been discovered so far and what remains to be explored.
 
+    # IMPORTANT: TIMEOUT CONSIDERATIONS
+    - Avoid suggesting overly aggressive options that might cause timeouts
+    - Prefer incremental approaches over comprehensive scans
+    - Start with lower levels (1-2) and risks (1-2) before escalating
+    - Use specific techniques rather than broad enumeration when possible
+    - Consider the target's response time and stability
+
     # SCAN REPORT SUMMARY:
     DBMS: {dbms}
     Vulnerable Parameters: {vulnerable_params}
@@ -132,6 +164,14 @@ def create_advanced_prompt(report, structured_info, scan_history=None, extracted
     3. Dumping interesting tables when appropriate
     4. Using techniques that haven't been tried yet
     5. Avoiding techniques that have failed
+    6. Using conservative settings to prevent timeouts
+
+    # OPTIMIZATION GUIDELINES:
+    - Start with level 1-2 and risk 1-2 for initial scans
+    - Use specific techniques (B, E, U, S, T) rather than all at once
+    - Prefer targeted enumeration over broad scanning
+    - Use --tables before --dump to avoid excessive data extraction
+    - Consider using --threads=3-5 for better performance
 
     # DBMS-SPECIFIC GUIDELINES:
     - For SQLite databases: Use '--tables' instead of '--dbs' as SQLite doesn't support database enumeration. 
@@ -142,7 +182,7 @@ def create_advanced_prompt(report, structured_info, scan_history=None, extracted
     # SQL INJECTION SCENARIOS:
     - Classic GET Parameter: For URLs like 'http://target.com/page.php?id=1', use basic options like '--dbs'
     - URL Path Parameter: For URLs like 'http://target.com/page/1/', use asterisk as injection marker (e.g., 'page/1*') and '--dbs'
-    - Multiple Parameters: For URLs with multiple parameters, specify which to test with '-p' or use '--level=3' to test all
+    - Multiple Parameters: For URLs with multiple parameters, specify which to test with '-p' or use '--level=2' to test all
     - POST Parameter: Use '--data' or '--forms' to test POST parameters
     - Cookie-Based: Use '--cookie' to specify cookie values to test
     - Header-Based: Use '--headers' to test HTTP headers for injection
@@ -155,8 +195,9 @@ def create_advanced_prompt(report, structured_info, scan_history=None, extracted
     }}
     ```
 
-    Each option should be a separate string in the array (e.g., "--level=3", "--risk=2").
+    Each option should be a separate string in the array (e.g., "--level=2", "--risk=1").
     Be specific and concise. Don't include basic options like -u (URL) as these will be added automatically.
+    Prefer conservative settings to avoid timeouts.
     """
     report_lines = report.split('\n')
     report_excerpt = '\n'.join(report_lines[-30:]) if len(report_lines) > 30 else report

sqlmap_ai/config_manager.py

@@ -434,3 +434,73 @@ def save_config() -> bool:
 def validate_config() -> List[str]:
     """Validate current configuration"""
     return config_manager.validate_config()
+
+
+def get_timeout_settings():
+    """Get timeout configuration settings"""
+    config = get_config()
+    
+    # Access timeout settings from the config object
+    try:
+        timeout_settings = config.sqlmap.timeout_settings
+        return {
+            'initial_scan': getattr(timeout_settings, 'initial_scan', 120),
+            'follow_up_scan': getattr(timeout_settings, 'follow_up_scan', 300),
+            'data_extraction': getattr(timeout_settings, 'data_extraction', 240),
+            'complex_scan': getattr(timeout_settings, 'complex_scan', 480),
+            'adaptive_multiplier': getattr(timeout_settings, 'adaptive_multiplier', 2.0),
+            'max_adaptive_timeout': getattr(timeout_settings, 'max_adaptive_timeout', 600)
+        }
+    except AttributeError:
+        # Fallback to default values if timeout_settings doesn't exist
+        return {
+            'initial_scan': 120,
+            'follow_up_scan': 300,
+            'data_extraction': 240,
+            'complex_scan': 480,
+            'adaptive_multiplier': 2.0,
+            'max_adaptive_timeout': 600
+        }
+
+def calculate_adaptive_timeout(base_timeout, scan_options, scan_type="follow_up"):
+    """Calculate adaptive timeout based on scan complexity and type"""
+    timeout_settings = get_timeout_settings()
+    
+    # Start with base timeout
+    complexity_multiplier = 1.0
+    
+    # Adjust based on scan type
+    if scan_type == "initial":
+        complexity_multiplier = 1.0
+    elif scan_type == "follow_up":
+        complexity_multiplier = timeout_settings['adaptive_multiplier']
+    elif scan_type == "data_extraction":
+        complexity_multiplier = 0.8  # More conservative for data extraction
+    elif scan_type == "complex":
+        complexity_multiplier = 2.0
+    
+    # Adjust based on scan options
+    if scan_options:
+        options_str = ' '.join(scan_options) if isinstance(scan_options, list) else str(scan_options)
+        
+        # High complexity options
+        if any(high_risk in options_str for high_risk in ['--level=3', '--level=4', '--level=5']):
+            complexity_multiplier += 0.5
+        if any(high_risk in options_str for high_risk in ['--risk=3', '--risk=4', '--risk=5']):
+            complexity_multiplier += 0.3
+        if '--dump' in options_str:
+            complexity_multiplier += 0.4
+        if '--tables' in options_str:
+            complexity_multiplier += 0.2
+        if '--forms' in options_str:
+            complexity_multiplier += 0.3
+        if '--technique=BEUST' in options_str:
+            complexity_multiplier += 0.4
+        if '--dump-all' in options_str:
+            complexity_multiplier += 0.6
+    
+    # Cap the multiplier to prevent excessive timeouts
+    max_multiplier = timeout_settings['max_adaptive_timeout'] / base_timeout
+    complexity_multiplier = min(complexity_multiplier, max_multiplier)
+    
+    return int(base_timeout * complexity_multiplier)

sqlmap_ai/main.py

@@ -14,7 +14,7 @@
     confirm_save_report
 )
 from sqlmap_ai.enhanced_cli import create_cli, handle_cli_commands, EnhancedCLI
-from sqlmap_ai.config_manager import config_manager, get_config
+from sqlmap_ai.config_manager import config_manager, get_config, calculate_adaptive_timeout
 from sqlmap_ai.security_manager import security_manager, SecurityError
 from sqlmap_ai.runner import SQLMapRunner
 from sqlmap_ai.parser import display_report, save_report_to_file, extract_sqlmap_info, create_json_report
@@ -356,11 +356,17 @@ def run_standard_mode(runner, target_url, user_timeout, interactive_mode):
             user_options = get_user_choice(next_options)
             if user_options:
                 print_info("Running follow-up scan...")
-                second_timeout = int(user_timeout * 1.5)
+                
+                # Calculate adaptive timeout based on scan complexity
+                second_timeout = calculate_adaptive_timeout(user_timeout, user_options, "follow_up")
+                
+                print_info(f"Using adaptive timeout: {second_timeout} seconds")
+                
                 result = runner.run_sqlmap(target_url, user_options, timeout=second_timeout, interactive_mode=interactive_mode)
                 if result and "TIMEOUT:" in result:
                     print_warning("Follow-up scan timed out.")
                     print_info("You may still get useful results from the partial scan data.")
+                    print_info("Consider using less aggressive options or increasing timeout for complex scans.")
                 if result:
                     print_success("Test completed successfully!")
                     followup_info = extract_sqlmap_info(result)
@@ -377,10 +383,15 @@ def run_standard_mode(runner, target_url, user_timeout, interactive_mode):
                     ):
                         print_info("Starting data extraction...")
                         extraction_options = f"--dump -T {','.join(followup_info['tables'][:3])}"
+                        
+                        # Use adaptive timeout for data extraction
+                        extraction_timeout = calculate_adaptive_timeout(user_timeout, extraction_options, "data_extraction")
+                        print_info(f"Using extraction timeout: {extraction_timeout} seconds")
+                        
                         extraction_result = runner.run_sqlmap(
                             target_url, 
                             extraction_options, 
-                            timeout=second_timeout,
+                            timeout=extraction_timeout,
                             interactive_mode=interactive_mode
                         )
                         if extraction_result:
@@ -394,6 +405,9 @@ def run_standard_mode(runner, target_url, user_timeout, interactive_mode):
                             if extraction_info.get("extracted"):
                                 extracted_data.update(extraction_info["extracted"])
                             display_report(extraction_result)
+                        elif extraction_result and "TIMEOUT:" in extraction_result:
+                            print_warning("Data extraction timed out.")
+                            print_info("Partial data may be available in the report.")
                     if confirm_save_report():
                         print_info("Creating beautiful HTML report...")
                         try: