Added allow_private_networks setting to SecurityConfig for controlling access to local/private IPs.

Author: atiilla

README.md

@@ -0,0 +1,96 @@
+ai_providers:
+  anthropic:
+    api_key_env: ANTHROPIC_API_KEY
+    enabled: false
+    max_tokens: 4096
+    model: claude-3-haiku-20240307
+    name: anthropic
+    priority: 3
+    rate_limit: 1.0
+    timeout: 30
+  groq:
+    api_key_env: GROQ_API_KEY
+    enabled: false
+    max_tokens: 4096
+    model: qwen/qwen3-32b
+    name: groq
+    priority: 1
+    rate_limit: 0.5
+    timeout: 30
+  local:
+    api_key_env: ''
+    enabled: false
+    max_tokens: 512
+    model: microsoft/DialoGPT-medium
+    name: local
+    priority: 5
+    rate_limit: 0.1
+    timeout: 60
+  ollama:
+    api_key_env: ''
+    enabled: false
+    max_tokens: 4096
+    model: llama3.2
+    name: ollama
+    priority: 4
+    rate_limit: 0.5
+    timeout: 60
+  openai:
+    api_key_env: OPENAI_API_KEY
+    enabled: false
+    max_tokens: 4096
+    model: gpt-4o-mini
+    name: openai
+    priority: 2
+    rate_limit: 1.0
+    timeout: 30
+config_version: '1.0'
+custom_settings: {}
+debug: false
+log_level: INFO
+logging:
+  audit_log_file: sqlmap_ai_audit.log
+  backup_count: 5
+  enable_file_logging: true
+  log_directory: logs
+  main_log_file: sqlmap_ai.log
+  max_log_size_mb: 50
+reporting:
+  auto_save: true
+  compress_reports: false
+  default_format: html
+  enable_charts: true
+  enable_json: true
+  enable_pdf: true
+  include_raw_data: false
+  output_directory: reports
+security:
+  allow_private_networks: true
+  allowed_domains: []
+  blocked_domains: []
+  enable_audit_logging: true
+  enable_rate_limiting: true
+  max_concurrent_scans: 3
+  max_requests_per_hour: 500
+  max_requests_per_minute: 30
+  require_confirmation: true
+  safe_mode: true
+sqlmap:
+  custom_tamper_scripts: []
+  default_level: 1
+  default_risk: 1
+  default_threads: 5
+  default_timeout: 120
+  enable_tamper_scripts: true
+  max_level: 3
+  max_risk: 2
+  max_threads: 20
+  max_timeout: 600
+ui:
+  confirm_dangerous_operations: true
+  enable_colors: true
+  interactive_mode: false
+  progress_indicators: true
+  show_banner: true
+  verbose_output: false
+version: 2.0.0

config.yaml

@@ -0,0 +1,12 @@
+# Changelog
+
+## v2.0.6
+- [x] **Private Network Scanning** - Local/private IP targets now allowed by default (configurable via `allow_private_networks` in `config.yaml`)
+- [x] **Configurable Network Policy** - New `allow_private_networks` security setting for controlling local network access
+- [x] **Improved Test Coverage** - Added dedicated tests for private network validation behavior
+
+## v2.0.5
+- [x] **Parameter Selection** - Target specific parameters with `-p id,username`
+- [x] **Enhanced Reports** - Detailed HTML reports with tables, columns, and payloads
+- [x] **Global SQLMap** - Uses your system's SQLMap installation
+- [x] **Bug Fixes** - Improved database tracking and report generation

docs/CHANGELOG.md

@@ -0,0 +1,100 @@
+# Configuration
+
+## .env File
+
+Created automatically by `sqlmap-ai --install-check`:
+
+```bash
+# AI Provider API Keys
+GROQ_API_KEY=your_groq_api_key_here
+OPENAI_API_KEY=your_openai_api_key_here
+ANTHROPIC_API_KEY=your_anthropic_api_key_here
+
+# Ollama Settings (if using local AI)
+ENABLE_OLLAMA=false
+OLLAMA_BASE_URL=http://localhost:11434
+OLLAMA_MODEL=llama3.2
+
+# Security Settings
+MAX_REQUESTS_PER_MINUTE=60
+SAFE_MODE=true
+AUDIT_LOGGING=true
+```
+
+## config.yaml
+
+Created automatically by `sqlmap-ai --config-wizard`:
+
+```yaml
+version: "2.0"
+security:
+  safe_mode: true
+  max_requests_per_minute: 60
+  audit_logging: true
+  allow_private_networks: true  # Set to false to block local/private IP targets
+
+sqlmap:
+  default_timeout: 120
+  default_risk: 1
+  default_level: 1
+  default_threads: 5
+
+ui:
+  show_banner: true
+  interactive_mode: false
+```
+
+## Command-Line Options
+
+### Target Specification
+```bash
+-u, --url URL              Target URL (e.g., "http://example.com/page?id=1")
+-r, --request FILE         Load HTTP request from file (Burp/ZAP/Browser)
+```
+
+### Parameter Testing
+```bash
+-p, --param PARAMS         Test specific parameter(s) (comma-separated)
+                          Examples: -p id | -p id,username,token
+```
+
+### Scanning Options
+```bash
+--adaptive                 Use adaptive step-by-step testing
+--aggressive               Aggressive testing (risk=3, level=5)
+--stealth                  Stealth mode (slower, more evasive)
+--timeout SECONDS          Scan timeout in seconds (default: 120)
+--threads NUM              Number of threads 1-20 (default: 5)
+--risk LEVEL               Risk level 1-3 (default: 1)
+--level LEVEL              Test level 1-5 (default: 1)
+```
+
+### AI Configuration
+```bash
+--ai-provider PROVIDER     AI provider: groq|openai|anthropic|ollama|auto
+--disable-ai               Disable AI analysis
+--ollama-model MODEL       Specific Ollama model to use
+```
+
+### WAF Evasion
+```bash
+--tamper SCRIPTS           Tamper scripts (comma-separated)
+--auto-tamper              Auto-select tamper scripts based on WAF
+--random-agent             Use random User-Agent
+```
+
+### Output Options
+```bash
+--output-dir DIR           Output directory for reports (default: reports)
+--output-format FORMAT     Output format: html|json|text
+--save-json                Save results as JSON
+```
+
+### Configuration Commands
+```bash
+--config-wizard            Run interactive configuration wizard
+--check-providers          Check AI provider availability
+--list-ollama-models       List available Ollama models
+--install-check            Check installation and create config files
+--validate-config          Validate current configuration
+```

docs/CONFIGURATION.md

@@ -0,0 +1,136 @@
+# Installation
+
+## Prerequisites
+
+- Python 3.8+
+- SQLMap (must be installed globally on your system)
+- Internet connection (for cloud AI providers)
+- 2GB+ RAM (for Ollama local models)
+
+## Step 1: Install SQLMap
+
+First, install SQLMap globally on your system:
+
+```bash
+# Kali/Debian/Ubuntu
+sudo apt install sqlmap
+
+# macOS
+brew install sqlmap
+
+# Or from source
+git clone https://github.com/sqlmapproject/sqlmap.git
+cd sqlmap
+sudo python setup.py install
+
+# Verify installation
+sqlmap --version
+```
+
+## Step 2: Install SQLMap AI
+
+```bash
+# Clone the repository
+git clone https://github.com/atiilla/sqlmap-ai.git
+cd sqlmap-ai
+
+# Install the package
+pip install -e .
+
+# Or install from PyPI
+pip install sqlmap-ai
+
+# Run installation check (creates config files)
+sqlmap-ai --install-check
+```
+
+## Step 3: Configure AI Providers
+
+Choose one or more AI providers to use:
+
+### Option A: Groq (Recommended - Fastest)
+1. Get a free API key from [https://console.groq.com](https://console.groq.com)
+2. Add to your `.env` file:
+```bash
+GROQ_API_KEY=your_groq_api_key_here
+```
+
+### Option B: OpenAI
+1. Get an API key from [https://platform.openai.com](https://platform.openai.com)
+2. Add to your `.env` file:
+```bash
+OPENAI_API_KEY=your_openai_api_key_here
+```
+
+### Option C: Anthropic (Claude)
+1. Get an API key from [https://console.anthropic.com](https://console.anthropic.com)
+2. Add to your `.env` file:
+```bash
+ANTHROPIC_API_KEY=your_anthropic_api_key_here
+```
+
+### Option D: Ollama (Local AI - Privacy Focused)
+1. Install Ollama: [https://ollama.ai/download](https://ollama.ai/download)
+2. Start Ollama service:
+```bash
+ollama serve
+```
+3. Download a model:
+```bash
+ollama pull llama3.2
+```
+4. Enable in your `.env` file:
+```bash
+ENABLE_OLLAMA=true
+OLLAMA_MODEL=llama3.2
+```
+
+### Ollama Model Selection
+
+If using Ollama, you can select different models:
+
+```bash
+# List available models
+sqlmap-ai --list-ollama-models
+
+# Interactive model selection
+sqlmap-ai --config-wizard
+```
+
+Popular models:
+- **llama3.2** - Good general performance
+- **codellama** - Specialized for code analysis
+- **mistral** - Fast and efficient
+- **qwen2.5** - Good reasoning capabilities
+
+## Step 4: Run Configuration Wizard
+
+```bash
+# Interactive setup
+sqlmap-ai --config-wizard
+```
+
+This will:
+- Check your AI provider setup
+- Let you select Ollama models (if using Ollama)
+- Configure security settings
+- Set up SQLMap options
+
+## Step 5: Test Your Setup
+
+```bash
+# Check if everything is working
+sqlmap-ai --check-providers
+
+# List available Ollama models (if using Ollama)
+sqlmap-ai --list-ollama-models
+```
+
+## AI Providers Comparison
+
+| Provider | Setup | Speed | Privacy | Cost |
+|----------|-------|-------|---------|------|
+| **Groq** | API Key | Fastest | Cloud | Free tier available |
+| **OpenAI** | API Key | Fast | Cloud | Pay per use |
+| **Anthropic** | API Key | Fast | Cloud | Pay per use |
+| **Ollama** | Local install | Fast | Local | Free |

docs/INSTALLATION.md

@@ -0,0 +1,47 @@
+# Troubleshooting
+
+## Common Issues
+
+**1. "No AI providers available"**
+- Check your `.env` file has correct API keys
+- Run `sqlmap-ai --check-providers` to verify
+
+**2. "Ollama not detected"**
+- Make sure Ollama is running: `ollama serve`
+- Check if models are installed: `ollama list`
+- Verify `.env` has `ENABLE_OLLAMA=true`
+
+**3. "SQLMap not found"**
+- Install SQLMap globally using one of these methods:
+  - **Kali/Debian/Ubuntu:** `sudo apt install sqlmap`
+  - **macOS:** `brew install sqlmap`
+  - **From source:** `git clone https://github.com/sqlmapproject/sqlmap.git && cd sqlmap && sudo python setup.py install`
+- Verify installation: `sqlmap --version`
+
+**4. "Configuration issues"**
+- Run `sqlmap-ai --config-wizard` to fix setup
+- Check `sqlmap-ai --validate-config` for issues
+
+**5. "Request file not working"**
+- Ensure request file has proper HTTP format
+- Check that Host header is present
+- Verify request file path is correct
+- Try with `--simple` mode first: `sqlmap-ai --simple -r request.txt`
+
+**6. "URL validation failed"**
+- When using request files, the URL is automatically extracted
+- Ensure request file contains valid HTTP request
+- Check that the Host header matches the target domain
+
+## Getting Help
+
+```bash
+# Show all available commands
+sqlmap-ai --help
+
+# Show enhanced mode help
+sqlmap-ai --enhanced --help
+
+# Show simple mode help
+sqlmap-ai --simple --help
+```