This tutorial builds a CLI that drives sqlmap across a batch of WebGoat lessons, compresses the noisy log with plain Python, and hands the result to Claude for a structured findings report. The headline numbers tell the story: 1.76 million characters of raw sqlmap output, compressed 98.6% before the AI ever sees it, rendered into 16 actionable lines. That compression-then-analysis split — deterministic preprocessing first, one LLM call second — is the architectural pattern this whole series reuses.
The tool has three modes. Mock mode verifies the pipeline with no network calls and no cost. Dry-run mode fires real sqlmap against WebGoat but skips the Claude step, so you can confirm your cookie is fresh and your targets file is wired up correctly. Live mode runs the full pipeline for roughly a cent or two. You run them in order on first install; each one rules out a different failure mode.
One calibration note before you run it: expect two of six confirmations on a typical --thorough pass, not the four the mock fixture shows. Finding count depends on sqlmap settings, not AI reasoning — the tutorial covers what to bump if you want to go deeper. If you want Tutorial 1 (the series overview) first, the link is below.
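One way the deterministic compression stage described above can work, as an added example that is not taken from the tutorial's repository: it keeps sqlmap's confirmed injection-point blocks, the back-end DBMS line and the parameters sqlmap rejected, and drops the per-test progress lines before anything reaches the model. The sample log is constructed, and the function names and filter rules are assumptions.

```python
import json
import re

# Constructed sample in sqlmap's console format; the filter rules below are assumptions.
SAMPLE_LOG = """\
[10:01:02] [INFO] testing connection to the target URL
[10:01:03] [INFO] testing if the target URL content is stable
[10:01:04] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[10:01:05] [INFO] testing 'Generic inline queries'
[10:01:09] [WARNING] POST parameter 'userid' does not seem to be injectable
[10:01:15] [INFO] POST parameter 'account' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
sqlmap identified the following injection point(s) with a total of 57 HTTP(s) requests:
---
Parameter: account (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: <constructed placeholder>
---
[10:01:16] [INFO] the back-end DBMS is HSQLDB
back-end DBMS: HSQLDB >= 1.7.2
"""

FIELD = re.compile(r"^\s*(Parameter|Type|Title|Payload): (.*)$")
NOT_INJECTABLE = re.compile(r"parameter '([^']+)' does not seem to be injectable")
DBMS = re.compile(r"^back-end DBMS: (.+)$")

def compress(log: str) -> dict:
    """Keep confirmed injection points, the DBMS and rejected parameters; drop the rest."""
    out = {"findings": [], "dbms": None, "not_injectable": []}
    for line in log.splitlines():
        if m := FIELD.match(line):
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "parameter":          # each report block opens with Parameter:
                out["findings"].append({"parameter": value, "techniques": []})
            elif out["findings"]:
                finding = out["findings"][-1]
                if key == "type":           # one Type/Title/Payload group per technique
                    finding["techniques"].append({"type": value})
                elif finding["techniques"]:
                    finding["techniques"][-1][key] = value
        elif m := DBMS.match(line):
            out["dbms"] = m.group(1)
        elif (m := NOT_INJECTABLE.search(line)) and m.group(1) not in out["not_injectable"]:
            out["not_injectable"].append(m.group(1))
    return out

def ratio(log: str) -> float:
    """Fraction of characters removed before the model sees the log."""
    return 1 - len(json.dumps(compress(log))) / len(log)
```

The JSON returned by compress() is what the single LLM call would receive; the "testing ..." lines, which dominate a real log, never leave the machine.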
If this lands, subscribe — Tutorial 3 is next: the same two-stage pattern applied to subdomain enumeration.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⏱️ TIMESTAMPS
00:00 Welcome
00:20 Lab targets only
00:39 The problem with sqlmap
01:13 What you'll build
01:53 The architecture
02:31 The two-stage pattern
03:17 How sqlmap finds SQLi
04:21 The targets file
04:56 Why curated, not crawled
05:54 Three modes
06:31 Pre-flight — Set up your machine
08:19 Demo 1 — Mock + dry-run sanity
09:17 The headline pitch — size progression
10:57 Demo 2 — The wall of text
11:20 The compression — signal vs journey
12:24 Demo 3 — Live --thorough run (the money shot)
13:37 Reading the two findings
14:52 Three artefacts on disk
15:30 Calibrating expectations
16:23 AI assists. Humans decide.
16:50 What's next + close
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
❓ QUESTIONS THIS TUTORIAL ANSWERS
— how to summarise sqlmap output with AI
— sqlmap output too long for Claude context window
— how to compress sqlmap log before sending to LLM
— python wrapper for sqlmap subprocess
— how to get structured JSON findings from sqlmap with Claude
— WebGoat SQL injection tutorial with AI assistance
— two-stage AI pipeline deterministic preprocessing then LLM
— how many sqlmap findings to expect on WebGoat --thorough
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔗 RESOURCES
Code for this tutorial: https://github.com/aiforyourwork/ai-f...
Full series on GitHub: https://github.com/aiforyourwork/ai-f...