SQLi Agent

The SQLi agent is an AI-driven automated pentesting agent focused on SQL injection reconnaissance and targeted exploitation attempts across API and web application flows.

Capabilities

  • Reconnaissance-first testing: Prioritizes endpoints and parameters that look database-backed
  • Context-aware payloading: Adapts payload attempts to the observed request and response patterns
  • High-value surface prioritization: Focuses on filters, search, reporting, exports, and record lookups
  • Guided exploration: Uses optional natural-language context to spend more time on the business-critical areas

Configuration

Basic Configuration

The SQLi agent is enabled by default on all automated pentesting scans. No additional configuration is required for the agent to run.

To explicitly disable it:

automated_pentesting:
  sqli_agent:
    enabled: false

Natural-Language Guidance

Use automated_pentesting.sqli_agent.natural_language to describe the parts of the product that are most likely to be backed by SQL queries or where SQL injection would matter the most.

This field is optional, but it helps the agent prioritize the most relevant search forms, list filters, admin views, export endpoints, and reporting flows.

automated_pentesting:
  sqli_agent:
    enabled: true
    natural_language: |
      Prioritize search, filtering, export, and reporting flows. The admin analytics
      pages, customer lookup endpoints, and invoice history screens are backed by SQL
      queries and are the highest-risk areas. Avoid destructive settings pages.

Good things to include:

  • Search and filtering features
  • Reporting, exports, or analytics endpoints
  • Admin or back-office views with rich query capabilities
  • Known database-backed resources or identifiers
  • Destructive flows the agent should avoid
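As an added example (not the product's own code), the following hypothetical loader applies the semantics described above to an already-parsed configuration mapping: the agent is on unless `enabled` is explicitly `false`, `natural_language` is an optional string, and common YAML mistakes (a quoted "false", a misspelled key) are rejected rather than silently ignored. The sample mappings mirror the YAML fragments on this page and are constructed for the example.

```python
from dataclasses import dataclass
from typing import Any, Mapping, Optional


@dataclass(frozen=True)
class SqliAgentConfig:
    enabled: bool
    natural_language: Optional[str]


def resolve_sqli_agent(config: Mapping[str, Any]) -> SqliAgentConfig:
    """Resolve automated_pentesting.sqli_agent with the documented defaults.

    Hypothetical helper: the real scanner's loader is not shown on the page.
    """
    top = config.get("automated_pentesting") or {}
    section = top.get("sqli_agent") or {}  # bare 'sqli_agent:' parses as None
    if not isinstance(section, Mapping):
        raise ValueError("automated_pentesting.sqli_agent must be a mapping")
    unknown = set(section) - {"enabled", "natural_language"}
    if unknown:
        # A typo such as natural_langauge would otherwise be dropped silently.
        raise ValueError(f"unknown sqli_agent keys: {sorted(unknown)}")
    enabled = section.get("enabled", True)  # enabled by default
    if not isinstance(enabled, bool):
        # A quoted "false" is a non-empty string and would stay truthy.
        raise ValueError("sqli_agent.enabled must be a YAML boolean")
    guidance = section.get("natural_language")
    if guidance is not None:
        if not isinstance(guidance, str):
            raise ValueError("sqli_agent.natural_language must be a string")
        guidance = guidance.strip() or None  # treat whitespace-only as absent
    return SqliAgentConfig(enabled=enabled, natural_language=guidance)


# Constructed sample configs mirroring the YAML fragments above.
EMPTY_CONFIG: dict = {}
DISABLED_CONFIG = {"automated_pentesting": {"sqli_agent": {"enabled": False}}}
GUIDED_CONFIG = {
    "automated_pentesting": {
        "sqli_agent": {
            "enabled": True,
            "natural_language": (
                "Prioritize search, filtering, export, and reporting flows.\n"
                "Avoid destructive settings pages.\n"
            ),
        }
    }
}
```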

Requirements

  • Reachable target: The scan must be able to reach the relevant endpoints or pages
  • Useful coverage: Better results come from good crawl/authentication coverage
  • Authentication (optional): Configure it when important surfaces are behind login

Limitations

  • Coverage depends on what the scan can discover and reach
  • Timeouts and scope still apply
  • Natural-language guidance improves prioritization, but does not replace scan scope or authentication setup