feat: SQLMap AI with parameter.

fix: rich, colorama packages added.
fix: sqlmapapi.py not found.

Author: atiilla

README.md

@@ -39,6 +39,13 @@ config_version: '1.0'
 custom_settings: {}
 debug: false
 log_level: INFO
+logging:
+  audit_log_file: sqlmap_ai_audit.log
+  backup_count: 5
+  enable_file_logging: true
+  log_directory: logs
+  main_log_file: sqlmap_ai.log
+  max_log_size_mb: 50
 reporting:
   auto_save: true
   compress_reports: false
@@ -69,13 +76,6 @@ sqlmap:
   max_risk: 2
   max_threads: 20
   max_timeout: 600
-  timeout_settings:
-    initial_scan: 120
-    follow_up_scan: 300
-    data_extraction: 240
-    complex_scan: 480
-    adaptive_multiplier: 2.0
-    max_adaptive_timeout: 600
 ui:
   confirm_dangerous_operations: true
   enable_colors: true
@@ -84,10 +84,3 @@ ui:
   show_banner: true
   verbose_output: false
 version: 2.0.0
-logging:
-  log_directory: logs
-  audit_log_file: sqlmap_ai_audit.log
-  main_log_file: sqlmap_ai.log
-  enable_file_logging: true
-  max_log_size_mb: 50
-  backup_count: 5

config.yaml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "sqlmap-ai"
-version = "2.0.4"
+version = "2.0.5"
 description = "AI-powered SQL injection testing tool with multiple AI providers"
 readme = "README.md"
 license = "MIT"
@@ -42,6 +42,7 @@ dependencies = [
     "rich>=13.0.0",
     "jinja2>=3.1.2",
     "cryptography>=3.4.0",
+    "colorama>=0.4.6",
 ]
 
 [project.optional-dependencies]

logs/.gitkeep

@@ -44,22 +44,6 @@ def show_usage():
   sqlmap-ai --config-wizard
   sqlmap-ai --show-config
 
-ENHANCED MODE FEATURES:
-  [X] AI-powered vulnerability analysis
-  [X] Adaptive testing strategies
-  [X] WAF evasion techniques
-  [X] Beautiful HTML reports
-  [X] Risk assessment and remediation guidance
-  [X] Interactive CLI with progress tracking
-  [X] Multiple AI providers (Groq, OpenAI, Anthropic)
-  [X] Advanced configuration management
-
-SIMPLE MODE FEATURES:
-  [X] Basic SQL injection detection
-  [X] Standard SQLMap functionality
-  [X] Minimal dependencies
-  [X] Fast execution
-
 For full help: sqlmap-ai --help
 For enhanced mode help: sqlmap-ai --enhanced --help
 For simple mode help: sqlmap-ai --simple --help

pyproject.toml

@@ -11,7 +11,7 @@
 from sqlmap_ai.parser import extract_sqlmap_info
 from sqlmap_ai.ai_analyzer import ai_suggest_next_steps
 class AdaptiveTestingEngine:
-    def __init__(self, runner, interactive_mode=False, default_timeout=120):
+    def __init__(self, runner, interactive_mode=False, default_timeout=120, test_parameter=None):
         self.runner = runner
         self.interactive_mode = interactive_mode
         self.default_timeout = default_timeout
@@ -20,6 +20,15 @@ def __init__(self, runner, interactive_mode=False, default_timeout=120):
         self.detected_waf = False
         self.vulnerable_params = []
         self.tamper_scripts_used = []
+        self.found_databases = []  # Track databases found across all steps
+        self.test_parameter = test_parameter  # Specific parameter(s) to test
+
+    def _add_param_option(self, options: List[str]) -> List[str]:
+        """Add -p parameter option if specified"""
+        if self.test_parameter:
+            options.append(f"-p {self.test_parameter}")
+        return options
+
     def run_adaptive_test(self, target_url: str) -> Dict[str, Any]:
         if not self._validate_url(target_url):
             return {
@@ -66,8 +75,9 @@ def run_adaptive_test(self, target_url: str) -> Dict[str, Any]:
         if initial_info["databases"]:
             print_success("SQL injection vulnerability confirmed!")
             self.vulnerable_params = initial_info["vulnerable_parameters"]
+            self.found_databases = initial_info["databases"]  # Store databases found in Step 1
             if any(db.lower() in ["mysql", "mssql", "oracle", "postgresql"] for db in initial_info["techniques"]):
-                self.detected_dbms = next((db for db in initial_info["techniques"] 
+                self.detected_dbms = next((db for db in initial_info["techniques"]
                                           if db.lower() in ["mysql", "mssql", "oracle", "postgresql"]), None)
                 print_success(f"DBMS identified: {self.detected_dbms}")
                 step3_result = self._run_step3_dbms_specific(target_url)
@@ -114,19 +124,23 @@ def _validate_url(self, url: str) -> bool:
             return False
         return True
     def _run_step1_assessment(self, target_url: str) -> Optional[str]:
-        print_info("Running initial assessment with --batch --dbs --threads=5")
+        options = ["--batch", "--dbs", "--threads=5"]
+        options = self._add_param_option(options)
+        print_info(f"Running initial assessment with {' '.join(options)}")
         result = self.runner.run_sqlmap(
             target_url=target_url,
-            options=["--batch", "--dbs", "--threads=5"],
+            options=options,
             timeout=self.default_timeout,
             interactive_mode=self.interactive_mode
         )
         return result
     def _run_step2_identify_dbms(self, target_url: str) -> Optional[str]:
-        print_info("Running DBMS fingerprinting with --threads=5")
+        options = ["--batch", "--fingerprint", "--threads=5"]
+        options = self._add_param_option(options)
+        print_info(f"Running DBMS fingerprinting with {' '.join(options)}")
         result = self.runner.run_sqlmap(
             target_url=target_url,
-            options=["--batch", "--fingerprint", "--threads=5"],
+            options=options,
             timeout=self.default_timeout,
             interactive_mode=self.interactive_mode
         )
@@ -171,13 +185,22 @@ def _run_step3_dbms_specific(self, target_url: str) -> Dict[str, Any]:
             result = limited_result
         dbms_info = extract_sqlmap_info(result)
         databases = dbms_info.get("databases", [])
+        # Update found_databases if new ones are discovered
+        if databases:
+            for db in databases:
+                if db not in self.found_databases:
+                    self.found_databases.append(db)
         self.scan_history.append({
             "step": "dbms_specific_scan",
             "command": f"sqlmap -u {target_url} --batch --dbms={self.detected_dbms.lower()} --tables --threads=5",
             "result": dbms_info
         })
-        if databases:
-            print_success(f"Found {len(databases)} databases")
+        # Check if databases exist from any previous step
+        if self.found_databases:
+            if databases:
+                print_success(f"Found {len(databases)} databases")
+            else:
+                print_info(f"Using {len(self.found_databases)} databases from previous steps")
             tables = dbms_info.get("tables", [])
             if tables:
                 print_success(f"Found {len(tables)} tables")
@@ -283,11 +306,12 @@ def _run_step3_dbms_specific(self, target_url: str) -> Dict[str, Any]:
                         "scan_history": self.scan_history,
                         "message": "Found databases but unable to enumerate tables or extract data. "
                                   "The database might be empty or protected against enumeration.",
-                        "databases_found": databases
+                        "databases_found": self.found_databases
                     }
                 return enhanced_result
         else:
-            print_warning("No databases enumerated. Moving to enhanced testing.")
+            # This should rarely happen now since we track databases globally
+            print_warning("No databases found yet. Moving to enhanced testing.")
             return self._run_step4_enhanced_testing(target_url)
     def _run_step4_enhanced_testing(self, target_url: str) -> Dict[str, Any]:
         print_info("🔴 Step 4: Enhanced Testing")
@@ -770,10 +794,11 @@ def _prepare_final_results(self, results: Dict[str, Any], methods_tested: List[s
                 "message": "All testing methods failed. Target may not be vulnerable.",
                 "scan_history": self.scan_history
             }
-def run_adaptive_test_sequence(runner, target_url, interactive_mode=False, timeout=120):
+def run_adaptive_test_sequence(runner, target_url, interactive_mode=False, timeout=120, test_parameter=None):
     engine = AdaptiveTestingEngine(
         runner=runner,
         interactive_mode=interactive_mode,
-        default_timeout=timeout
+        default_timeout=timeout,
+        test_parameter=test_parameter
     )
     return engine.run_adaptive_test(target_url) 

run.py

@@ -12,7 +12,6 @@
 from dataclasses import asdict
 
 try:
-    import click
     from rich.console import Console
     from rich.table import Table
     from rich.panel import Panel
@@ -23,7 +22,6 @@
     HAS_RICH = True
 except ImportError:
     HAS_RICH = False
-    click = None
 
 from sqlmap_ai.config_manager import config_manager, get_config
 from sqlmap_ai.security_manager import security_manager
@@ -163,7 +161,12 @@ def create_parser(self) -> argparse.ArgumentParser:
             choices=[1, 2, 3, 4, 5],
             help='Test level (1-5, default from config)'
         )
-        
+        scan_group.add_argument(
+            '-p', '--param',
+            dest='test_parameter',
+            help='Specific parameter(s) to test (comma-separated)'
+        )
+
         # WAF Evasion
         evasion_group = parser.add_argument_group('WAF Evasion')
         evasion_group.add_argument(