AI-assisted SQLMap orchestration + real-time dashboard + MCP tool server (agent-ready)
A guided, repeatable workflow: Targets → Preflight → Phased Scan → AI Assist → Evidence → Report
✅ Renamed branding from Intelligence → Autonomous AI
✅ Added MCPFast (FastMCP) command-line usage (No UI required)
✅ MCP supports URL scan and targetlist (.txt) scan
✅ Best for Windows + Linux servers (headless / no GUI)
SQLMAP SKYNET wraps sqlmap.py with a Neural Ops workflow — fast, structured, and trackable.
- ✅ Operational phases (Detect → Bypass → Enumerate → Dump)
- ✅ Dashboard visibility (logs, stats, artifacts)
- ✅ Autonomous AI tuning (Ollama / Cloud)
- ✅ RAG intelligence (learns from success, recalls patterns)
- ✅ MCP tool server (agent automation)
Goal: higher signal, less noise, and reports real proof.
flowchart TD
A["1. Targets<br/>single URL or list"] --> B["2. Preflight<br/>GET or POST + headers + cookies + safe limits"]
B --> C["3A. Dashboard Control<br/>FastAPI UI + WebSocket"]
B --> D["3B. MCP Control<br/>Agent tool calls"]
C --> E["4. Runner Core<br/>SQLMapRunner -> SQLMapBackend -> sqlmap.py"]
D --> E
E --> F["5A. Autonomous AI<br/>Ollama first, cloud fallback"]
E --> G["5B. RAG Memory<br/>learn + recall"]
E --> H["5C. Web Intel<br/>optional search"]
E --> I["5D. WAF Intel<br/>fingerprint + bypass hints"]
F --> J["6. Artifacts<br/>reports + logs + sessions"]
G --> J
H --> J
I --> J
J --> K["7. View or Export<br/>Dashboard + files"]
flowchart TD
subgraph INPUT["INPUT"]
T["Targets"] --> PF["Preflight"]
end
subgraph CONTROL["CONTROL"]
UI["Dashboard"] --- MCP["MCP Client"]
end
subgraph ENGINE["ENGINE"]
RUN["Runner Core"] --> SM["sqlmap.py"]
end
subgraph INTEL["INTEL"]
AI["Autonomous AI"] --- RAG["RAG Memory"] --- WEB["Web Intel"] --- WAF["WAF Intel"]
end
subgraph OUTPUT["OUTPUT"]
ART["Artifacts"] --> REP["Reports"]
end
PF --> CONTROL
CONTROL --> ENGINE
ENGINE <--> INTEL
ENGINE --> OUTPUT
Key idea: MCP and Dashboard are two ways to drive the same engine logic:
- Dashboard = human operator UI
- MCP = agent/tool interface
 |
 |
 |
 |
 |
 |
- Windows 10/11 64-bit
- Python 3.12+
- Git
sqlmap.pypresent (recommended:.\sqlmap\sqlmap.py)- Any CPU / 8GB RAM
Use Cloud AI (OpenAI / Groq / DeepSeek / Kimi / Claude) or run with AI features OFF.
- Windows 10/11 64-bit
- Python 3.12+
- 16GB RAM (recommended)
- GPU optional (faster with Nvidia GPU + VRAM)
- Ollama + Llama 3.2 model (
llama3.2:latest)
Tip: Llama 3.2 in Ollama has small variants (1B/3B). If your PC is weak, local AI still works — just expect slower responses.
- Install & setup (Tested on Windows)
- Install sqlmap.py
- Install Ollama + Llama 3.2
- Run SKYNET dashboard
- First scan tutorial
- Enable MCP server (agent mode)
- Cloud AI setup (if your PC is weak)
- Config power tips (config.py)
- Full project structure map
- Artifacts
- Community & Resources
- 🤝 Contributing
- 📜 License
⚠️ Disclaimer
Open PowerShell:
git clone https://github.com/drcrypterdotru/sqlmap-skynet
cd sqlmap-skynetpy -3.12 -m venv .venv
.\.venv\Scripts\Activate.ps1
python --versionpip install -U fastapi uvicorn python-dotenv aiohttp requests numpy scikit-learnOptional (for MCP server over HTTP):
pip install -U fastmcpCopy-Item .env.example .envOpen .env and set what you need:
- Local AI: Ollama (recommended)
- Or Cloud AI keys (if PC is weak)
Best practice (inside project folder):
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap✅ You must have:
sqlmap-skynet\
sqlmap\sqlmap.py
main.py
config.py
...
- Download & install Ollama for Windows from the official site.
- After install, open a new PowerShell and verify:
ollama --versionYour config.py sets:
OLLAMA_MODELS['default'] = 'llama3.2:latest'
Pull it:
ollama pull llama3.2:latestTest:
ollama run llama3.2:latestIf you want to switch model later, edit
config.pyunderOLLAMA_MODELS.
Start the server:
python main.py --host 0.0.0.0 --port 1337 --debugOpen:
- Dashboard:
http://127.0.0.1:1337
Use a target you own / have permission to test.
In the dashboard:
- Paste one URL or multiple URLs (one per line)
- GET for query params
- POST for login/forms
- Headers (User-Agent, Authorization)
- Cookies (session token)
- POST body (for POST scans)
Choose safe defaults:
max_cycles = 30- RAG = ON (recommended)
- Web Search = OFF (start simple)
Then click Start.
After the scan:
- Check
sqlmap_reports\ - Check
memory\sessions\(if RAG enabled)
MCP allows an AI agent to call SKYNET tools:
sqlmap_scan→ starts scan (usessqlmap.py)get_scan_status→ polling status/resultsget_ai_providers→ shows available AI backends
pip install -U fastmcpRun in a new PowerShell (keep dashboard in another terminal if you want both):
fastmcp run .\mcp\server.py:mcp --transport http --host 127.0.0.1 --port 8055Your MCP endpoint:
http://127.0.0.1:8055/mcp
fastmcp list http://127.0.0.1:8055/mcp✅ Yes. MCP tool sqlmap_scan creates SQLMapRunner("sqlmap.py"), and the runner uses core/autonomous_ai.py.
So MCP calls automatically use your Autonomous AI + RAG logic (no module changes needed).
Sometimes you don’t want the dashboard (example: Linux server / VPS / headless box).
You can run SKYNET fully from command line using FastMCP — perfect when you don’t have a GUI.
Open terminal in project root:
fastmcp run .\mcp\server.py:mcp --transport http --host 127.0.0.1 --port 8055MCP endpoint:
http://127.0.0.1:8055/mcp
Run these commands (this is the fastest proof MCP is healthy):
fastmcp list http://127.0.0.1:8055/mcp --auth none
fastmcp call http://127.0.0.1:8055/mcp get_ai_providers --auth none
fastmcp call http://127.0.0.1:8055/mcp get_scan_status --auth noneWhat you should see
- Tools (3):
sqlmap_scan,get_scan_status,get_ai_providers - Providers:
ollama(recommended) - Status:
running=falseuntil you start a scan
fastmcp call http://127.0.0.1:8055/mcp sqlmap_scan --auth none ^
url="http://testphp.vulnweb.com/artists.php?artist=1" ^
method="GET" ^
max_cycles=10 ^
ai_provider="ollama"Create target.txt in project root (one URL per line), then:
fastmcp call http://127.0.0.1:8055/mcp sqlmap_scan --auth none ^
targetlist="target.txt" ^
method="GET" ^
max_cycles=10 ^
ai_provider="ollama"Tip:
targetlistshould be inside the project folder for safety.
If you can't run Ollama fast (low RAM/CPU), you can use Cloud AI.
- Open
.env - Add ONE key (example OpenAI):
OPENAI_API_KEY=YOUR_KEY_HERE
Other supported keys:
GROQ_API_KEY=...DEEPSEEK_API_KEY=...KIMI_API_KEY=...ANTHROPIC_API_KEY=...
SKYNET will detect which providers are available and use them when needed.
Provider priority is defined in
config.pyasAI_PRIORITY.
config.py is the brains + intel database of SKYNET.
If you want better results, this is the first file to tune.
Tip: On GitHub you can click the file:
config.py→ then use the browser search (Ctrl+F) for the section names below.
- ✅ AI models (Ollama model names)
- ✅ AI provider priority (Ollama first or cloud first)
- ✅ WAF bypass packs (delay/threads/tamper presets)
- ✅ Tamper script database (profiles by aggressiveness)
- ✅ Technique priority (faster signal, less noise)
- ✅ Keyword intelligence (High-Value Columns (Keyword Intel): Customize the keyword list to match your environment (examples: crypto, email, password, hash, token, apikey, secret). SKYNET will prioritize and highlight matching columns so you can identify impact faster.)
1) OLLAMA_MODELS — local model selection
SKYNET reads the local Ollama model name from:
OLLAMA_MODELS = {"default": "llama3.2:latest"}What to do:
- Keep
llama3.2:latestas default if it works well on your PC. - If your PC is slow, use a smaller model (if you have it in Ollama) and set it here.
Why it matters: model choice affects speed + quality of AI plans.
2) AI_PRIORITY — which AI provider is used first
Example:
AI_PRIORITY = ["ollama","deepseek","kimi","groq","openai","claude"]What to do:
- Want offline-first? keep
ollamafirst. - Want cloud-first? move your cloud provider to the front.
Why it matters: the first available provider in this list is used most often.
3) REAL_WORLD_BYPASSES — WAF/Block presets (very important)
This section is like a “bypass playbook”.
It stores presets for common conditions like:
- Cloudflare / Akamai / Imperva / Sucuri
- ModSecurity / AWS WAF
- Generic 403 / rate limiting / captcha pages
Typical preset contains:
delayand timingthreads(lower threads = less blocks)tamper_scripts(safe → aggressive)
How SKYNET uses it:
- if it detects blocking patterns (403, suspicious headers, WAF signatures), it can propose one of these presets automatically.
Operator tip:
- Start with low/no tamper + low threads.
- Increase only if you are authorized and you confirm WAF behavior.
4) TAMPER_SCRIPTS — tamper profiles (basic → aggressive)
Tamper scripts can help evade filters but they can also:
- slow scans
- increase false positives
- increase detection/noise
SKYNET organizes them into groups like:
basicmoderateaggressivewaf_specific
Best practice:
- Use basic first.
- Use moderate only when blocked.
- Use aggressive only with permission + clear block evidence.
5) TECHNIQUE_PRIORITY — faster signal with less noise
This controls which SQLi techniques SKYNET tries to focus on first (depending on your logic).
Typical techniques:
- Error-based
- Union-based
- Boolean-based
- Time-based
Why it matters:
On many real targets, hammering time-based from the start creates slow scans + blocks.
A good priority order can produce faster confirmation and cleaner results.
6) HIGH_VALUE_COLUMNS — keyword intel that improves result quality
This is one of the strongest “operator experience” features.
HIGH_VALUE_COLUMNS contains keywords like:
password,pass,hashemail,phonetoken,apikey,secretsession,cookiecard,cc,billingadmin,role,permission
How SKYNET uses it:
- When enumeration finds many columns, SKYNET highlights likely high-value fields.
- This makes results easier to read and reduces time wasted on irrelevant tables.
Customize it for your environment Add your own keywords, for example:
- HR:
employee_id,salary,department - Finance:
invoice,receipt,balance - E-commerce:
order_id,shipment,cart - Your apps:
telegram,line_id,customer_uid
Big win: better keyword intel = faster identification of “real impact” in a report.
7) Other useful knobs you may have in config.py
Depending on your version, you may also see:
- default delays/threads limits
- retry policy / backoff
- request headers templates
- detection patterns / error signature lists
- file browser root restrictions
If you’re unsure: keep defaults and tune slowly.
If you want users to click from README:
- Add a GitHub link in your repo to
config.py(example):./config.py
- In GitHub, it becomes clickable automatically.
Example you can paste anywhere in README:
See: [config.py](./config.py)sqlmap-skynet/
├─ 🚀 main.py
│ └─ FastAPI dashboard server + WebSocket control + scan orchestration
├─ 🧠 config.py
│ └─ AI models + provider priority + WAF bypass packs + tamper DB + keyword intel
├─ 🧩 api.py
│ └─ (optional/legacy) stats endpoint helper (older Flask-based helper)
├─ 🧪 .env / .env.example
│
├─ 🛠️ scanners/
│ ├─ 🧭 runner.py
│ │ └─ Phase engine (detect → bypass → enumerate → dump) + session state
│ └─ 🧱 sqlmap_backend.py
│ └─ Builds and executes real `sqlmap.py` commands
│
├─ 🧠 core/
│ ├─ 🤖 autonomous_ai.py
│ │ └─ AI planner + provider health + JSON plan parsing
│ ├─ 🧬 rag_memory.py
│ │ └─ Store/recall session intelligence (learn from past scans)
│ ├─ 🧾 report_generator.py
│ │ └─ Build artifacts/reports from results
│ ├─ 📡 state_manager.py
│ │ └─ Shared runtime state (running/progress/results)
│ ├─ 🛡️ waf_intel.py
│ │ └─ WAF fingerprinting + mutation ideas + learning profile
│ └─ 🧿 debug_logger.py
│ └─ Colored logs + structured tags
│
├─ 🔎 search/
│ └─ 🌐 web_search.py
│ └─ Optional web intel lookup + caching
│
├─ 🔌 mcp/
│ └─ 🛰️ server.py
│ └─ MCP tool server (sqlmap_scan, get_scan_status, get_ai_providers)
│
├─ 🧰 utils/
│ ├─ 🗂️ file_browser.py
│ │ └─ Safe file browsing inside project root (UI file picker)
│ └─ 🧩 parsers.py
│
├─ 🎛️ templates/
│ └─ 🖥️ dashboard.html
├─ 🎨 static/
│ └─ ⚙️ js/stats.js
│
├─ 🧠 memory/
│ ├─ 🧾 sessions/
│ │ └─ RAG memory snapshots (per scan)
│ ├─ 🗃️ search_cache/
│ │ └─ cached web intel queries
│ └─ 🧠 *_patterns.json
│ └─ learned patterns + bypass intelligence
│
└─ 📦 sqlmap_reports/
└─ generated scan reports (html/json/txt depending on run)
Where your outputs go:
sqlmap_reports\→ scan reports (proof + export)memory\sessions\→ RAG snapshots per sessionmemory\search_cache\→ cached web intel resultsmemory\*_patterns.json→ learned patterns and bypass info
Join Telegram: https://t.me/burnwpcommunity
Website: https://drcrypter.net
More tools, resources, and updates are shared on the website + community.
We welcome contributions! Feel free to fork this repository, make enhancements, and open pull requests. Please check the issues page for ongoing tasks or bug reports.
This project is licensed under the MIT License. See the LICENSE file for details.
This tool is for educational purposes only. 🏫 The creator and contributors are not responsible for any misuse or damages caused. Use responsibly, and only on systems you own or have permission for. ✅