SQLMap is an open-source tool that can identify and exploit vulnerabilities in web applications caused by SQL injection.
SQLMap-AI is an AI-powered wrapper for SQLMap that simplifies the process of testing for SQL injection.
It can decide how to proceed next based on the results of its scans, helping it to behave like a human pen tester.
To use it, you’ll need Python 3.7 or higher, SQLMap, certain Python libraries, and an API key from Groq.
It uses Groq’s API to read results and make decisions, performs adaptive testing based on the type of database and results, can bypass web application firewalls, and uses different methods depending on the database in question (MySQL, MSSQL, Oracle or PostgreSQL).
The article includes a real-life example, use cases, and a reminder of the ethical implications of such testing.
Anyone can help develop the software by improving support for more databases, enhancing the reporting UI, developing more advanced WAF detection methods, and including more real-world examples in the documentation.