A feature-rich, user-friendly web interface for SQLMap that enables real-time SQL injection scanning, database enumeration, and data export. Built with Next.js, Express API, and integrated SQLMap backend, it provides an interactive dashboard, live scan monitoring, and database explorer. Designed for authorized security testing and research.

syrex1013/sqlgui

SQLMap GUI 🛡️

A modern, feature-rich web interface for SQLMap - the powerful SQL injection and database takeover tool.

🌟 Features

🎨 Modern UI/UX

  • Beautiful Next.js WebUI with Shadcn UI components
  • Dark/Light Theme Support with system preference detection
  • Responsive Design - works on desktop, tablet, and mobile
  • Real-time Updates - live scan status and progress monitoring
  • Smooth Animations powered by Framer Motion

🚀 Core Functionality

  • ⚡ Fast Scanning - Multi-threaded SQL injection testing
  • 📊 Real-time Monitoring - Live scan logs and status updates
  • 🗄️ Database Explorer - Interactive tree view with pagination
  • 💾 Export Data - Download entire databases as ZIP (JSON + CSV)
  • 📝 Persistent History - SQLite-powered scan history
  • 🔄 Batch Scanning - Test multiple URLs simultaneously
  • 🛡️ WAF Detection - Automatic detection and bypass suggestions

🎯 Advanced Options

  • Level & Risk Configuration (1-5 levels, 1-3 risk)
  • DBMS Targeting (MySQL, PostgreSQL, MSSQL, Oracle, SQLite)
  • Custom Techniques (BEUSTQ injection methods)
  • Tamper Scripts with auto-tamper mode
  • Threading Control (1-10 concurrent threads)
  • OS Shell Access for compromised systems

📦 Database Management

  • Database Enumeration - List all databases
  • Table Enumeration - Discover table structures
  • Column Enumeration - Map table schemas
  • Full Database Dumps - Extract complete data
  • ZIP Export - Download databases with JSON & CSV formats
  • Interactive Explorer - Browse and search extracted data

📈 Monitoring & Analytics

  • Dashboard Statistics - Total scans, active scans, vulnerability rate
  • Progress Tracking - Real-time progress indicators
  • Log Viewer - Color-coded log levels with filtering
  • Scan History - Complete audit trail of all scans
  • Vulnerability Reports - Detailed injection point analysis

📋 Prerequisites

Before you begin, ensure you have the following installed:

  • Bun >= 1.0 - Fast JavaScript runtime
  • Python >= 3.10 - Required for SQLMap
  • Git - For cloning the repository
  • Windows - PowerShell scripts included (Linux/Mac compatible with minor modifications)

📦 Installation

1. Clone the Repository

git clone https://github.com/syrex1013/sqlgui.git
cd sqlgui

2. Install Dependencies

# Install backend dependencies
cd backend && bun install && cd ..

# Install frontend dependencies (optional - for Vite UI)
cd frontend && bun install && cd ..

# Install WebUI dependencies (recommended)
cd webui && bun install && cd ..

3. SQLMap Setup

SQLMap is included in the sqlmapproject-sqlmap-* directory. No additional setup required!


🚀 Quick Start

Run the Modern WebUI (Recommended)

bun run webui

Access at: http://localhost:8080

This command automatically:

  • ✅ Kills any processes on ports 3000, 8080, and 8776
  • ✅ Starts the Express backend API (port 3000)
  • ✅ Starts the SQLMap API server (port 8776)
  • ✅ Launches the Next.js WebUI (port 8080)

Alternative: Run the React Vite UI

bun run all
# or
bun run dev

Access at: http://localhost:5173

Run Individual Services

# Backend only
bun run backend

# Frontend only (Vite)
bun run frontend

🎯 Usage Guide

1️⃣ Start a New Scan

  1. Navigate to the Dashboard tab
  2. Enter your target URL (e.g., http://testphp.vulnweb.com/artists.php?artist=1)
  3. (Optional) Configure advanced options:
    • Level (1-5): Test depth and thoroughness
    • Risk (1-3): Payload risk level
    • Threads: Number of concurrent requests
    • DBMS: Target database type
    • Tamper Scripts: WAF bypass techniques
  4. Click "Start Scan"

2️⃣ Monitor Active Scans

  • View real-time progress in the Active Scans section
  • See live logs as they're generated
  • Stop scans with the Stop button
  • Click Details for comprehensive scan information

3️⃣ Explore Dumped Databases

  1. Go to the "Dumped DBs" tab
  2. Browse the database tree structure
  3. Click on any table to view data with pagination
  4. Use the "Download as ZIP" button to export entire databases

4️⃣ Export Database Data

Each database can be exported as a ZIP file containing:

  • README.txt - Database metadata and table list
  • {table}.json - Complete table data in JSON format
  • {table}.csv - Table data in CSV format

Perfect for offline analysis, reporting, or archiving!


📸 Screenshots

  • Dashboard
  • Database Explorer
  • Scan Details

🏗️ Project Structure

sqlgui/
├── 📁 backend/                    # Express API Server (Port 3000)
│   ├── index.ts                  # Main server + SQLMap API spawner
│   ├── logger.ts                 # Winston logger configuration
│   ├── db.ts                     # SQLite database operations
│   ├── sqlgui.sqlite             # Scan history database
│   └── logs/                     # Application logs (auto-rotating)
│
├── 📁 frontend/                   # React + Vite UI (Port 5173)
│   ├── src/
│   │   ├── App.tsx
│   │   ├── components/
│   │   └── lib/
│   └── vite.config.ts
│
├── 📁 webui/                      # Next.js WebUI (Port 8080) ⭐
│   ├── src/
│   │   ├── app/
│   │   │   ├── layout.tsx        # Root layout with theme
│   │   │   └── page.tsx          # Home page
│   │   ├── components/
│   │   │   ├── sqlmap-gui.tsx    # Main UI component
│   │   │   ├── navbar.tsx        # Sticky navigation
│   │   │   ├── footer.tsx        # App footer
│   │   │   └── ui/               # Shadcn UI components
│   │   └── lib/
│   │       └── api.ts            # Backend API client
│   └── next.config.ts
│
├── 📁 sqlmapproject-sqlmap-*/     # SQLMap Installation
│   └── sqlmapapi.py              # SQLMap REST API
│
├── 📄 package.json                # Root package.json with scripts
├── 📄 run-all.ps1                 # PowerShell: Backend + Frontend
├── 📄 run-webui.ps1               # PowerShell: Backend + WebUI
└── 📄 cleanup-ports.ps1           # Port cleanup utility

🛠️ Development

Build for Production

# Build WebUI
bun run build:webui

# Start production server
cd webui && bun run start

Development with Hot Reload

# WebUI (with hot reload)
cd webui && bun run dev

# Frontend (with hot reload)
cd frontend && bun run dev

Environment Variables

# Set log level
$env:LOG_LEVEL="debug"  # Options: error, warn, info, debug
bun run webui

Logging

The application uses Winston for professional logging:

  • Location: backend/logs/
  • Files:
    • combined.log - All log levels
    • error.log - Errors only
  • Features:
    • Automatic log rotation (5MB per file, 5 files retained)
    • JSON format for parsing
    • Colored console output
    • Timestamps on all entries

🌐 API Endpoints

Backend API (Port 3000)

| Endpoint | Method | Description |
|---|---|---|
| /api/task/new | POST | Create new SQLMap task |
| /api/scan/start/:taskId | POST | Start a scan |
| /api/scan/status/:taskId | GET | Get scan status |
| /api/scan/data/:taskId | GET | Get scan data |
| /api/scan/log/:taskId | GET | Get scan logs |
| /api/history | GET | Get scan history |
| /api/history/clear | DELETE | Clear all history |
| /api/export | GET | Export dumps |

🔧 Troubleshooting

Port Already in Use

Solution: Scripts automatically clean ports before starting!

Manual cleanup:

Get-NetTCPConnection -LocalPort 3000,5173,8080,8776 | ForEach-Object {
    Stop-Process -Id $_.OwningProcess -Force
}

SQLMap API Won't Start

Solution 1: Run PowerShell as Administrator

# Right-click PowerShell → "Run as Administrator"
bun run webui

Solution 2: Allow Python through Windows Firewall

  1. Open Windows Defender Firewall
  2. Click "Allow an app through firewall"
  3. Add Python to allowed apps
  4. Enable both Private and Public networks

Solution 3: Check Python Installation

python --version  # Should be 3.10+
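
Solution 2 allows Python through the firewall on both Private and Public networks, so it is worth confirming which addresses the ports from Quick Start actually listen on before enabling it. The PowerShell check below is an added example, not one of the project's scripts; the function name Get-ListenerExposure and the service labels are assumptions made here.

```powershell
# Added example: report which local addresses the README's service ports listen on.
# Port numbers come from this README; labels and function name are illustrative.
$services = @(
    @{ Port = 3000; Name = 'Express backend API' },
    @{ Port = 8776; Name = 'SQLMap API server' },
    @{ Port = 8080; Name = 'Next.js WebUI' },
    @{ Port = 5173; Name = 'Vite UI' }
)
$loopback = @('127.0.0.1', '::1')

function Get-ListenerExposure {
    param([hashtable[]]$Services, [string[]]$Loopback)

    foreach ($svc in $Services) {
        # Get-NetTCPConnection raises an error when no socket matches, so silence it.
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $svc.Port -ErrorAction SilentlyContinue
        if (-not $listeners) {
            [pscustomobject]@{ Port = $svc.Port; Service = $svc.Name; Address = '-'; Process = '-'; Exposure = 'not listening' }
            continue
        }
        foreach ($l in $listeners) {
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            # 0.0.0.0, :: or a NIC address means other hosts can connect if the firewall allows it.
            $exposure = if ($Loopback -contains $l.LocalAddress) { 'loopback only' } else { 'non-loopback bind' }
            [pscustomobject]@{
                Port     = $svc.Port
                Service  = $svc.Name
                Address  = $l.LocalAddress
                Process  = if ($proc) { $proc.ProcessName } else { "pid $($l.OwningProcess)" }
                Exposure = $exposure
            }
        }
    }
}

$report = Get-ListenerExposure -Services $services -Loopback $loopback
$report | Format-Table -AutoSize

$exposed = @($report | Where-Object { $_.Exposure -eq 'non-loopback bind' })
if ($exposed.Count -gt 0) {
    $ports = ($exposed.Port | Sort-Object -Unique) -join ', '
    Write-Warning "Ports listening beyond loopback: $ports. Review the firewall rule before allowing Public networks."
}
```

Run it while the services are up; a row marked "non-loopback bind" means that port accepts connections from other hosts once the firewall permits them.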

Check Logs for Errors

# View error logs
cat backend/logs/error.log

# View all logs
cat backend/logs/combined.log

🔒 Security Notice

⚠️ IMPORTANT: This tool is for authorized security testing only.

  • ✅ Always get written permission before testing
  • ✅ Only test systems you own or have explicit authorization to test
  • ✅ Use responsibly and ethically
  • ❌ Unauthorized use is illegal and unethical

Legal Disclaimer

The developers of this tool are not responsible for any misuse or damage caused by this program. This tool is provided for educational and authorized security testing purposes only.


📜 Scripts Reference

| Command | Description |
|---|---|
| bun run webui | Start backend + WebUI (Port 8080) - Recommended |
| bun run all | Start backend + Frontend (Port 5173) |
| bun run dev | Same as all |
| bun run backend | Start backend API only (Port 3000) |
| bun run frontend | Start Vite frontend only (Port 5173) |
| bun run build:webui | Build WebUI for production |

🀝 Contributing

Contributions are welcome! Here's how you can help:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Contribution Guidelines

  • Ensure compatibility with both frontend and webui
  • Update documentation for new features
  • Test port cleanup functionality
  • Follow existing code style (TypeScript + ESLint)
  • Add tests where applicable

🙏 Acknowledgments


📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

For educational and authorized security testing purposes only.


📞 Contact

Author: syrex1013


⭐ Show Your Support

If you found this project helpful, please give it a ⭐ star on GitHub!

Made with ❤️ for security researchers
