Basic Usage Guide

Learn how to use SQLMap AI effectively for SQL injection testing. This guide covers the fundamental commands and features you'll use most often.

Command Structure

SQLMap AI follows this basic command structure:

sqlmap-ai [MODE] [TARGET] [OPTIONS]

Basic Components

  • MODE: --enhanced, --simple, --adaptive (optional)
  • TARGET: URL (-u) or request file (-r)
  • OPTIONS: AI provider, testing parameters, output options

Basic Commands

1. Simple URL Testing

Test a URL for SQL injection vulnerabilities:

# Basic test
sqlmap-ai -u "http://example.com/page.php?id=1"

# URL with multiple parameters
sqlmap-ai -u "http://example.com/search.php?query=test&category=1"

2. Request File Testing

Test using captured HTTP requests:

# Test with request file
sqlmap-ai -r request.txt

# Test with specific request file
sqlmap-ai -r /path/to/captured_request.txt

3. Testing Modes

Choose your testing approach:

# Enhanced mode (default) - AI-powered testing
sqlmap-ai --enhanced -u "http://example.com/page.php?id=1"

# Simple mode - Basic SQLMap without AI
sqlmap-ai --simple -u "http://example.com/page.php?id=1"

# Adaptive mode - Intelligent step-by-step testing
sqlmap-ai --adaptive -u "http://example.com/page.php?id=1"

AI Provider Selection

Automatic Selection

SQLMap AI automatically selects the best available AI provider:

# Auto-select best provider
sqlmap-ai -u "http://example.com/page.php?id=1"

Manual Selection

Specify your preferred AI provider:

# Use Groq (fastest)
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider groq

# Use OpenAI
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider openai

# Use Anthropic (Claude)
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider anthropic

# Use Ollama (local)
sqlmap-ai -u "http://example.com/page.php?id=1" --ai-provider ollama

Common Options

Output and Reporting

# Save results to file
sqlmap-ai -u "http://example.com/page.php?id=1" --output-dir ./results

# Generate HTML report
sqlmap-ai -u "http://example.com/page.php?id=1" --html-report

# Verbose output
sqlmap-ai -u "http://example.com/page.php?id=1" --verbose

Testing Parameters

# Set risk level (1-3, default: 1)
sqlmap-ai -u "http://example.com/page.php?id=1" --risk 2

# Set level (1-5, default: 1)
sqlmap-ai -u "http://example.com/page.php?id=1" --level 3

# Set number of threads
sqlmap-ai -u "http://example.com/page.php?id=1" --threads 10

# Set timeout
sqlmap-ai -u "http://example.com/page.php?id=1" --timeout 30

Batch Mode

Run without user interaction:

# Non-interactive mode
sqlmap-ai -u "http://example.com/page.php?id=1" --batch

# Force continue on errors
sqlmap-ai -u "http://example.com/page.php?id=1" --batch --force

Practical Examples

Example 1: Basic Vulnerability Scan

# Scan a vulnerable test site
sqlmap-ai -u "http://testphp.vulnweb.com/listproducts.php?cat=1"

Expected Output:

🚀 SQLMap AI - AI-Powered SQL Injection Testing
================================================

📋 Target Information:
   URL: http://testphp.vulnweb.com/listproducts.php?cat=1
   Method: GET
   Parameter: cat

🤖 AI Provider: Groq (Auto-selected)

🔄 Starting Enhanced Mode...
   ├─ Initial Assessment: Checking for SQL injection vulnerabilities
   ├─ DBMS Identification: Detecting database type
   ├─ Enhanced Testing: Applying advanced techniques
   └─ AI Analysis: Generating insights and recommendations

✅ Results:
   ├─ Vulnerable Parameters: cat (GET)
   ├─ DBMS: MySQL >= 5.6
   ├─ Techniques: Boolean-based blind, time-based blind
   └─ Risk Level: HIGH

Example 2: Request File Testing

# Test with captured request
sqlmap-ai -r login_request.txt --enhanced

Request File Content:

POST /login.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

username=admin&password=test
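
A captured request file is worth checking before it is used with -r and before it is stored next to scan results. The following is an added example, not part of SQLMap AI: it parses a request file, reports a Content-Length that no longer matches the body, and lists headers that carry credentials. The function name, the header list and the sample request are assumptions constructed for illustration.

```python
# Added example: lint a captured HTTP request file before passing it to -r.
# lint_request_file and SENSITIVE_HEADERS are hypothetical names, not SQLMap AI APIs.
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization", "x-api-key"}

def lint_request_file(raw: str) -> dict:
    """Parse a raw HTTP/1.1 request and report problems worth fixing first."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    body = body.rstrip("\n")  # editors usually append a trailing newline
    lines = head.split("\n")
    issues = []

    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        issues.append(f"malformed request line: {lines[0]!r}")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            issues.append(f"malformed header line: {line!r}")
            continue
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        issues.append("missing Host header")

    # A stale Content-Length means the body was edited or truncated after capture.
    actual = len(body.encode("utf-8"))
    declared = headers.get("content-length")
    if declared is not None and not declared.isdigit():
        issues.append(f"non-numeric Content-Length: {declared!r}")
    elif declared is not None and int(declared) != actual:
        issues.append(f"Content-Length is {declared} but body is {actual} bytes")

    return {
        "method": parts[0] if parts else "",
        "body_bytes": actual,
        "issues": issues,
        # Headers to redact before the file is shared or archived with a report.
        "credential_headers": sorted(h for h in headers if h in SENSITIVE_HEADERS),
    }

# Constructed sample: a login request whose Content-Length does not match its body.
SAMPLE = (
    "POST /login.php HTTP/1.1\n"
    "Host: example.com\n"
    "Cookie: session=abc123\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "Content-Length: 38\n"
    "\n"
    "username=admin&password=test\n"
)
```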

Example 3: Advanced Testing

# Comprehensive scan with custom options
sqlmap-ai --enhanced --adaptive \
  -r request.txt \
  --risk 3 \
  --level 4 \
  --threads 8 \
  --timeout 60 \
  --ai-provider groq \
  --output-dir ./scan_results \
  --html-report

Understanding Output

Console Output

SQLMap AI provides real-time feedback:

🔄 Progress: [████████████████████] 100%
📊 Status: Testing parameter 'id' (GET)
🎯 AI Analysis: Target appears vulnerable to boolean-based injection

Results Summary

After testing, you'll see:

  • Vulnerable Parameters: Which parameters are exploitable
  • DBMS Information: Database type and version
  • Techniques: Successful injection methods
  • Risk Assessment: Overall vulnerability risk
  • AI Recommendations: Next steps and remediation advice

Generated Files

SQLMap AI creates several output files:

./results/
├── sqlmap_ai_report_20241201_143022.html    # HTML report
├── sqlmap_ai_results_20241201_143022.json   # JSON results
├── sqlmap_ai_log_20241201_143022.log        # Detailed log
└── screenshots/                              # Screenshots (if enabled)

Best Practices

1. Start Simple

Begin with basic tests before using advanced features:

# Start with simple mode
sqlmap-ai --simple -u "http://example.com/page.php?id=1"

# Then try enhanced mode
sqlmap-ai --enhanced -u "http://example.com/page.php?id=1"

2. Use Request Files

Capture real requests for more accurate testing:

# Use browser developer tools to capture requests
# Save as .txt file and test
sqlmap-ai -r captured_request.txt

3. Monitor Resources

Be mindful of system resources:

# Limit threads for shared systems
sqlmap-ai -u "http://example.com/page.php?id=1" --threads 5

# Set reasonable timeouts
sqlmap-ai -u "http://example.com/page.php?id=1" --timeout 30

4. Save Results

Always save your results for later analysis:

# Save to specific directory
sqlmap-ai -u "http://example.com/page.php?id=1" --output-dir ./my_results

Common Patterns

Testing Multiple Parameters

# Test all parameters in URL
sqlmap-ai -u "http://example.com/search.php?query=test&category=1&sort=name"

# Test all parameters except sort
sqlmap-ai -u "http://example.com/search.php?query=test&category=1" --param-exclude=sort

Testing Different HTTP Methods

# Test GET parameters
sqlmap-ai -u "http://example.com/page.php?id=1"

# Test POST data
sqlmap-ai -r post_request.txt

# Test cookies
sqlmap-ai -u "http://example.com/page.php" --cookie="session=abc123"

Testing with Authentication

# Use authentication headers
sqlmap-ai -r request.txt --headers="Authorization: Bearer token123"

# Use session cookies
sqlmap-ai -u "http://example.com/admin.php" --cookie="session=abc123"

Next Steps

Now that you understand basic usage:

  1. Testing Modes: Learn about different testing approaches
  2. Request Files: Master request file testing
  3. Advanced Features: Explore advanced capabilities
  4. Examples: See more real-world examples

Getting Help

# Show all available options
sqlmap-ai --help

# Show enhanced mode help
sqlmap-ai --enhanced --help

# Show simple mode help
sqlmap-ai --simple --help