From 3a975b79c1d58e5a9b3c7d6fad74dd0d678766d8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 5 Jan 2026 18:47:22 +0000 Subject: [PATCH] Add POST data/body prompt to interactive mode Co-authored-by: GilbertKrantz <90319182+GilbertKrantz@users.noreply.github.com> --- EXAMPLES.md | 2 ++ README.md | 3 ++- sqlmapcli.py | 16 +++++++++++++--- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/EXAMPLES.md b/EXAMPLES.md index 4e6d92ce0..0b30193d4 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -45,6 +45,8 @@ python sqlmapcli.py --interactive This will ask you: - Target URL +- Whether the request requires POST data/body +- POST data/body (if needed) - supports JSON or form data - Scan type (quick or comprehensive) - Custom level and risk settings diff --git a/README.md b/README.md index c5708d759..5ddba9cd5 100644 --- a/README.md +++ b/README.md @@ -57,13 +57,14 @@ python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=tes ```bash python sqlmapcli.py --interactive ``` +*Interactive mode now prompts for POST data/body, supporting both JSON and form data.* #### Features ✨ **Beautiful output** with Rich library - panels, tables, progress bars ⚡ **One-line comprehensive testing** - test all risk/level combinations automatically 📊 **Clear result summaries** - vulnerability tables with color-coded findings -🎯 **Interactive mode** - guided prompts for easy testing +🎯 **Interactive mode** - guided prompts for easy testing, including POST data support ⏱️ **Progress tracking** - see exactly what's being tested in real-time #### CLI Options diff --git a/sqlmapcli.py b/sqlmapcli.py index 574053db7..41b2847fe 100755 --- a/sqlmapcli.py +++ b/sqlmapcli.py 
@@ -329,8 +329,18 @@ class SQLMapCLI: url = Prompt.ask("\n[cyan]Enter target URL[/cyan]") + # Ask if this is a POST request + has_data = Confirm.ask("[cyan]Does this request require POST data/body?[/cyan]", default=False) + + data = None + if has_data: + self.console.print("\n[dim]Examples:[/dim]") + self.console.print("[dim] JSON: {\"email\":\"test@example.com\",\"password\":\"pass123\"}[/dim]") + self.console.print("[dim] Form: username=admin&password=secret[/dim]") + data = Prompt.ask("\n[cyan]Enter POST data/body[/cyan]") + scan_type = Prompt.ask( - "[cyan]Select scan type[/cyan]", + "\n[cyan]Select scan type[/cyan]", choices=["quick", "comprehensive"], default="quick" ) @@ -338,11 +348,11 @@ class SQLMapCLI: if scan_type == "quick": level = int(Prompt.ask("[cyan]Test level (1-5)[/cyan]", default="1")) risk = int(Prompt.ask("[cyan]Test risk (1-3)[/cyan]", default="1")) - self.quick_scan(url, level, risk) + self.quick_scan(url, level, risk, data=data) else: max_level = int(Prompt.ask("[cyan]Maximum test level (1-5)[/cyan]", default="5")) max_risk = int(Prompt.ask("[cyan]Maximum test risk (1-3)[/cyan]", default="3")) - self.comprehensive_scan(url, max_level, max_risk) + self.comprehensive_scan(url, max_level, max_risk, data=data) def main():
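Review bot: Pressing Enter at the `Enter POST data/body` prompt leaves `data` as an empty string rather than `None` (Rich's `Prompt.ask` returns `""` when no default is set, as far as I know), so a user who answered yes to the confirm can end up with a scan that carries no body, or an empty one, without being told. Normalising at the prompt makes the outcome explicit: `data = Prompt.ask("\n[cyan]Enter POST data/body[/cyan]").strip() or None`, ideally with a printed notice when it falls back to `None`. The hunk also calls `Confirm.ask` while the patch adds no import line to sqlmapcli.py, so it is worth confirming that `Confirm` is already imported from `rich.prompt`; otherwise interactive mode raises `NameError` at this prompt. The enclosing method starts above the hunk.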
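Review bot: The body typed by the user is forwarded verbatim through `data=data` in both branches, and neither `quick_scan` nor `comprehensive_scan` is touched by this patch, so how that value is handled cannot be checked from here. Both methods must already accept a `data` keyword, or these calls raise `TypeError`. Since a JSON or form body contains quotes, `&` and possibly `$`, the value should reach sqlmap as its own argv element (list-form `subprocess` call, no shell string), and because it may hold real credentials it should not be echoed in full to the console or written to logs. A short comment above the calls, such as `# data is None for GET; passed through unmodified as the request body`, would document the contract.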