Configuration Guide

Learn how to configure SQLMap AI for optimal performance and security. This guide covers all configuration options and best practices.

Configuration Files

SQLMap AI uses several configuration files to manage settings:

~/.sqlmap-ai/
├── .env                    # Environment variables
├── config.yaml            # Main configuration
└── logs/                  # Log files

Environment Variables (.env)

The .env file contains sensitive information like API keys and security settings.

AI Provider Configuration

# Groq (Recommended - Fastest)
GROQ_API_KEY=your_groq_api_key_here

# OpenAI
OPENAI_API_KEY=your_openai_api_key_here

# Anthropic (Claude)
ANTHROPIC_API_KEY=your_anthropic_api_key_here

# Ollama (Local AI)
ENABLE_OLLAMA=true
OLLAMA_BASE_URL=http://localhost:11434
OLLAMA_MODEL=llama3.2

Security Settings

# Rate limiting
MAX_REQUESTS_PER_MINUTE=60

# Safety features
SAFE_MODE=true
AUDIT_LOGGING=true

# Network settings
REQUEST_TIMEOUT=30
MAX_RETRIES=3

Advanced Settings

# Logging
LOG_LEVEL=INFO
LOG_FILE=~/.sqlmap-ai/logs/sqlmap_ai.log

# Output
DEFAULT_OUTPUT_DIR=./results
HTML_REPORT_ENABLED=true

# Performance
DEFAULT_THREADS=5
DEFAULT_TIMEOUT=120

Main Configuration (config.yaml)

The config.yaml file contains non-sensitive configuration options.

Basic Configuration

version: "2.0"

# Security settings
security:
  safe_mode: true
  max_requests_per_minute: 60
  audit_logging: true
  request_timeout: 30
  max_retries: 3

# SQLMap settings
sqlmap:
  default_timeout: 120
  default_risk: 1
  default_level: 1
  default_threads: 5
  batch_mode: false
  force: false

# AI settings
ai:
  default_provider: "auto"
  enable_analysis: true
  enable_recommendations: true
  analysis_timeout: 30

# UI settings
ui:
  show_banner: true
  interactive_mode: false
  progress_bars: true
  color_output: true

# Output settings
output:
  default_directory: "./results"
  html_report: true
  json_report: true
  log_file: true
  screenshots: false

Advanced Configuration

# Database settings
database:
  enabled: false
  type: "sqlite"
  path: "~/.sqlmap-ai/database.db"

# Proxy settings
proxy:
  enabled: false
  http: ""
  https: ""
  username: ""
  password: ""

# Custom headers
headers:
  User-Agent: "SQLMap AI/2.0.1"
  Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
  Accept-Language: "en-US,en;q=0.5"
  Accept-Encoding: "gzip, deflate"

# Tamper scripts
tamper:
  enabled: false
  scripts: []
  custom_scripts: []

# WAF evasion
waf_evasion:
  enabled: true
  techniques:
    - "randomcase"
    - "space2comment"
    - "space2plus"
  custom_techniques: []

Configuration Wizard

Use the interactive configuration wizard for easy setup:

sqlmap-ai --config-wizard

The wizard will guide you through:

  1. AI Provider Selection
     • Choose your preferred AI providers
     • Configure API keys
     • Test provider connectivity

  2. Security Settings
     • Set rate limiting
     • Configure safe mode
     • Enable audit logging

  3. SQLMap Options
     • Set default risk and level
     • Configure timeouts
     • Set thread count

  4. Output Settings
     • Choose output directory
     • Enable/disable reports
     • Configure logging

  5. Advanced Options
     • Proxy settings
     • Custom headers
     • Tamper scripts

Command Line Configuration

You can override configuration settings via command line:

AI Provider Options

# Select AI provider
sqlmap-ai -u "http://example.com" --ai-provider groq

# Set Ollama model
sqlmap-ai -u "http://example.com" --ai-provider ollama --ollama-model codellama

# Disable AI analysis
sqlmap-ai -u "http://example.com" --no-ai

Security Options

# Set rate limit
sqlmap-ai -u "http://example.com" --max-requests 30

# Disable safe mode
sqlmap-ai -u "http://example.com" --no-safe-mode

# Enable audit logging
sqlmap-ai -u "http://example.com" --audit-log

SQLMap Options

# Set risk and level
sqlmap-ai -u "http://example.com" --risk 3 --level 5

# Set threads and timeout
sqlmap-ai -u "http://example.com" --threads 10 --timeout 60

# Enable batch mode
sqlmap-ai -u "http://example.com" --batch

Output Options

# Set output directory
sqlmap-ai -u "http://example.com" --output-dir ./my_results

# Generate HTML report
sqlmap-ai -u "http://example.com" --html-report

# Enable verbose output
sqlmap-ai -u "http://example.com" --verbose

Configuration Validation

Validate Configuration

Check if your configuration is valid:

sqlmap-ai --validate-config

This will check:

  • Environment variables
  • Configuration file syntax
  • AI provider connectivity
  • File permissions

Check AI Providers

Verify AI provider setup:

sqlmap-ai --check-providers

Expected output:

✅ Groq: Available
✅ OpenAI: Available
✅ Anthropic: Available
✅ Ollama: Available (llama3.2)

Test Configuration

Run a test with your configuration:

# Test with sample target
sqlmap-ai -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --test-config

Best Practices

Security Configuration

  1. Use Environment Variables

    # Good: Use .env file
    GROQ_API_KEY=your_key_here
    
    # Bad: Hardcode in scripts
    export GROQ_API_KEY="your_key_here"
    

  2. Enable Safe Mode

    security:
      safe_mode: true
      max_requests_per_minute: 60
    

  3. Use Rate Limiting

    # Set reasonable limits
    MAX_REQUESTS_PER_MINUTE=60
    REQUEST_TIMEOUT=30
    

Performance Configuration

  1. Optimize Threads

    sqlmap:
      default_threads: 5  # Adjust based on system
    

  2. Set Timeouts

    sqlmap:
      default_timeout: 120
    ai:
      analysis_timeout: 30
    

  3. Enable Caching

    cache:
      enabled: true
      ttl: 3600  # 1 hour
    

Privacy Configuration

  1. Use Local AI

    # Enable Ollama for privacy
    ENABLE_OLLAMA=true
    OLLAMA_MODEL=llama3.2
    

  2. Disable Cloud Providers

    # Comment out cloud API keys
    # GROQ_API_KEY=your_key_here
    # OPENAI_API_KEY=your_key_here
    

  3. Use Proxy

    proxy:
      enabled: true
      http: "http://proxy:8080"
      https: "https://proxy:8080"
    

Configuration Examples

Development Configuration

# config.yaml
version: "2.0"
security:
  safe_mode: true
  max_requests_per_minute: 30
sqlmap:
  default_risk: 1
  default_level: 1
  default_threads: 3
ai:
  default_provider: "groq"
output:
  default_directory: "./dev_results"
  html_report: true

Production Configuration

# config.yaml
version: "2.0"
security:
  safe_mode: true
  max_requests_per_minute: 100
  audit_logging: true
sqlmap:
  default_risk: 2
  default_level: 3
  default_threads: 10
ai:
  default_provider: "auto"
output:
  default_directory: "./production_results"
  html_report: true
  json_report: true

Privacy-Focused Configuration

# config.yaml
version: "2.0"
security:
  safe_mode: true
  max_requests_per_minute: 60
ai:
  default_provider: "ollama"
  enable_analysis: true
output:
  default_directory: "./private_results"
  html_report: false
  json_report: true

Troubleshooting

Common Configuration Issues

"Configuration file not found"

Solution: Run the configuration wizard

sqlmap-ai --config-wizard

"Invalid YAML syntax"

Solution: Validate YAML syntax

# Use online YAML validator
# Or check with Python
python -c "import yaml; yaml.safe_load(open('config.yaml'))"

"Permission denied"

Solution: Check file permissions

# Fix permissions
chmod 600 ~/.sqlmap-ai/.env
chmod 644 ~/.sqlmap-ai/config.yaml
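
The .env recommendations in this guide (mode 600, SAFE_MODE and AUDIT_LOGGING on, a rate limit set, cloud keys commented out for a local-only setup) can be checked with a short script before a run. This is an added example, not part of SQLMap AI; the function names, the finding codes and the sample file contents are assumptions made for illustration.

```python
# Added example: names and finding codes are illustrative, not SQLMap AI's API.
import stat
import tempfile
from pathlib import Path

CLOUD_KEYS = ("GROQ_API_KEY", "OPENAI_API_KEY", "ANTHROPIC_API_KEY")

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    values = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("\"'")
    return values

def is_true(env, key):
    return env.get(key, "").lower() == "true"

def audit_env(path):
    """Return sorted finding codes for a .env laid out as in this guide."""
    findings = set()
    # Any group/other permission bit is looser than the guide's chmod 600.
    if stat.S_IMODE(Path(path).stat().st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
        findings.add("PERMS_TOO_OPEN")
    env = parse_env(Path(path).read_text(encoding="utf-8"))
    for key in ("SAFE_MODE", "AUDIT_LOGGING"):
        if not is_true(env, key):
            findings.add(key + "_OFF")
    limit = env.get("MAX_REQUESTS_PER_MINUTE", "")
    if not limit.isdecimal() or int(limit) == 0:
        findings.add("NO_RATE_LIMIT")
    cloud = [k for k in CLOUD_KEYS if env.get(k)]
    if any(env[k].startswith("your_") for k in cloud):
        findings.add("PLACEHOLDER_KEY")
    # A local-only (Ollama) setup should have cloud keys commented out.
    if is_true(env, "ENABLE_OLLAMA") and cloud:
        findings.add("CLOUD_KEY_WITH_LOCAL_AI")
    return sorted(findings)

def demo():
    """Audit a constructed .env written with mode 644."""
    sample = ("GROQ_API_KEY=your_groq_api_key_here\nENABLE_OLLAMA=true\n"
              "SAFE_MODE=false\nAUDIT_LOGGING=true\nMAX_REQUESTS_PER_MINUTE=60\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp, ".env")
        path.write_text(sample, encoding="utf-8")
        path.chmod(0o644)
        return audit_env(path)
```

An empty list from audit_env means the file matches the settings recommended above; each code names one deviation to fix before scanning.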

Getting Help

  • Validate config: sqlmap-ai --validate-config
  • Check providers: sqlmap-ai --check-providers
  • Run wizard: sqlmap-ai --config-wizard
  • View logs: ~/.sqlmap-ai/logs/

Next Steps

After configuring SQLMap AI:

  1. Quick Start: Test your configuration
  2. Basic Usage: Learn how to use the tool
  3. Testing Modes: Explore different testing approaches
  4. Examples: See real-world examples