Struct SqlmapOptions 

#[non_exhaustive]
pub struct SqlmapOptions {

    pub url: Option<String>,
    pub test_parameter: Option<String>,
    pub dbms: Option<String>,
    pub tech: Option<String>,
    pub level: Option<i32>,
    pub risk: Option<i32>,
    pub string: Option<String>,
    pub not_string: Option<String>,
    pub regexp: Option<String>,
    pub code: Option<i32>,
    pub text_only: Option<bool>,
    pub titles: Option<bool>,
    pub cookie: Option<String>,
    pub headers: Option<String>,
    pub method: Option<String>,
    pub data: Option<String>,
    pub random_agent: Option<bool>,
    pub proxy: Option<String>,
    pub prefix: Option<String>,
    pub suffix: Option<String>,
    pub tamper: Option<String>,
    pub skip: Option<String>,
    pub skip_static: Option<bool>,
    pub threads: Option<i32>,
    pub verbose: Option<i32>,
    pub batch: Option<bool>,
    pub retries: Option<i32>,
    pub get_dbs: Option<bool>,
    pub get_tables: Option<bool>,
    pub get_columns: Option<bool>,
    pub get_users: Option<bool>,
    pub get_passwords: Option<bool>,
    pub get_privileges: Option<bool>,
    pub is_dba: Option<bool>,
    pub current_user: Option<bool>,
    pub current_db: Option<bool>,
    pub dump_all: Option<bool>,
    pub dump_table: Option<bool>,
    pub search: Option<bool>,
    pub os_shell: Option<bool>,
    pub sql_shell: Option<bool>,
    pub file_read: Option<String>,
    pub file_write: Option<String>,
    pub file_dest: Option<String>,
    pub tor: Option<bool>,
    pub tor_port: Option<i32>,
    pub tor_type: Option<String>,
    pub crawl_depth: Option<i32>,
    pub scope: Option<String>,
    pub forms: Option<bool>,
    pub second_url: Option<String>,
}

Configuration payload mapped directly to SQLMap CLI arguments.

All fields are optional and use skip_serializing_if so only explicitly set values are sent to the REST API.

Examples

use sqlmap_rs::SqlmapOptions;

let opts = SqlmapOptions::builder()
    .url("http://example.com/api?id=1")
    .level(3)
    .risk(2)
    .batch(true)
    .threads(4)
    .build();

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

url: Option<String>

The target URL.

test_parameter: Option<String>

Target specific parameter(s), e.g. “id”.

dbms: Option<String>

Specific DBMS backend, e.g. “MySQL”.

tech: Option<String>

Payload techniques to test (B=Boolean, T=Time, E=Error, U=UNION, S=Stacked).

level: Option<i32>

Level of tests to perform (1-5, default 1).

risk: Option<i32>

Payload risk (1-3, default 1).

string: Option<String>

String to match for True on boolean-based blind injection.

not_string: Option<String>

String to match for False on boolean-based blind injection.

regexp: Option<String>

Regex to match for True on boolean-based blind injection.

code: Option<i32>

HTTP code to match for True query.

text_only: Option<bool>

Compare responses using text only.

titles: Option<bool>

Compare responses using titles only.

cookie: Option<String>

HTTP Cookie header value.

headers: Option<String>

HTTP headers string.

method: Option<String>

Force specific HTTP method.

data: Option<String>

POST data string.

random_agent: Option<bool>

Use randomly selected User-Agent.

proxy: Option<String>

HTTP proxy URL.

prefix: Option<String>

Injection payload prefix string.

suffix: Option<String>

Injection payload suffix string.

tamper: Option<String>

Tamper script(s) for WAF evasion.

skip: Option<String>

Skip testing specific parameters.

skip_static: Option<bool>

Skip testing parameters that appear static.

threads: Option<i32>

Number of concurrent threads (default 1).

verbose: Option<i32>

Output verbosity level (1-6).

batch: Option<bool>

Do not ask for user input (must be true for automation).

retries: Option<i32>

Number of retries on connection timeout.

get_dbs: Option<bool>

Enumerate DBMS databases.

get_tables: Option<bool>

Enumerate DBMS database tables.

get_columns: Option<bool>

Enumerate DBMS database columns.

get_users: Option<bool>

Enumerate DBMS users.

get_passwords: Option<bool>

Enumerate DBMS users password hashes.

get_privileges: Option<bool>

Enumerate DBMS users privileges.

is_dba: Option<bool>

Check if the DBMS user is DBA.

current_user: Option<bool>

Retrieve the current DBMS user.

current_db: Option<bool>

Retrieve the current DBMS database.

dump_all: Option<bool>

Dump all DBMS databases tables entries.

dump_table: Option<bool>

Dump DBMS database table entries.

search: Option<bool>

Search for database/table/column names.

os_shell: Option<bool>

Prompt for an interactive OS shell.

sql_shell: Option<bool>

Prompt for an interactive SQL shell.

file_read: Option<String>

Read a file from the DBMS file system.

file_write: Option<String>

Write a file to the DBMS file system.

file_dest: Option<String>

Destination path for file write on the DBMS.

tor: Option<bool>

Use Tor for anonymity.

tor_port: Option<i32>

Tor proxy port.

tor_type: Option<String>

Tor proxy type (HTTP, SOCKS4, SOCKS5).

crawl_depth: Option<i32>

Crawl the website from the target URL to given depth.

scope: Option<String>

Regex to filter target URLs during crawling.

forms: Option<bool>

Parse and test forms on target pages.

second_url: Option<String>

URL for second-order injection verification.

Implementations

impl SqlmapOptions

pub fn builder() -> SqlmapOptionsBuilder

Create a new options builder.

Examples found in repository

examples/full_scan.rs (line 36)

async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // ── 1. Check availability ────────────────────────────
    if !SqlmapEngine::is_available() {
        eprintln!("ERROR: sqlmapapi not found in PATH");
        eprintln!("Quick fix:");
        eprintln!("  conda env create -f environment.yml");
        eprintln!("  conda activate sqlmap-env");
        eprintln!("  # OR: ./setup.sh");
        std::process::exit(1);
    }

    // ── 2. Boot the daemon ───────────────────────────────
    println!("Booting sqlmapapi daemon on port 8775...");
    let engine = SqlmapEngine::new(8775, true, None).await?;
    println!("Daemon ready at {}", engine.api_url());

    // ── 3. Configure scan with builder ───────────────────
    let target = std::env::args()
        .nth(1)
        .unwrap_or_else(|| "http://testphp.vulnweb.com/listproducts.php?cat=1".to_string());

    println!("Target: {target}");

    let opts = SqlmapOptions::builder()
        .url(&target)
        .level(3)
        .risk(2)
        .batch(true)
        .threads(4)
        .random_agent(true)
        .build();

    // ── 4. Create and run task ───────────────────────────
    let task = engine.create_task(&opts).await?;
    println!("Task created: {}", task.task_id());

    task.start().await?;
    println!("Scan started, polling for completion...");

    // ── 5. Monitor execution ─────────────────────────────
    task.wait_for_completion(300).await?;
    println!("Scan complete!");

    // ── 6. Fetch and display logs ────────────────────────
    match task.fetch_log().await {
        Ok(log_resp) => {
            if let Some(logs) = &log_resp.log {
                println!("\n=== Scan Log ({} entries) ===", logs.len());
                for entry in logs.iter().rev().take(10) {
                    println!("  [{}] {}: {}", entry.time, entry.level, entry.message);
                }
                if logs.len() > 10 {
                    println!("  ... and {} more entries", logs.len() - 10);
                }
            }
        }
        Err(err) => eprintln!("Could not fetch log: {err}"),
    }

    // ── 7. Fetch results ─────────────────────────────────
    let data = task.fetch_data().await?;
    let findings = data.findings();

    println!("\n=== Results ===");
    println!("  Findings: {}", findings.len());

    if findings.is_empty() {
        println!("  No SQL injection vulnerabilities detected.");
    } else {
        // ── 8. Multi-format output ───────────────────────
        println!("\n{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Plain));

        println!("=== JSON ===");
        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::JsonPretty));

        println!("=== CSV ===");
        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Csv));

        println!("=== Markdown ===");
        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Markdown));
    }

    // ── 9. Inspect configured options ────────────────────
    match task.list_options().await {
        Ok(options) => {
            println!("\n=== Active Options ===");
            println!("{}", serde_json::to_string_pretty(&options)?);
        }
        Err(err) => eprintln!("Could not fetch options: {err}"),
    }

    // Task is auto-deleted from daemon on drop.
    // Engine daemon is auto-killed on drop.
    println!("\nDone. Task and daemon will be cleaned up automatically.");

    Ok(())
}

Trait Implementations

impl Clone for SqlmapOptions

fn clone(&self) -> SqlmapOptions

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SqlmapOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SqlmapOptions

fn default() -> SqlmapOptions

Returns the “default value” for a type.

impl Serialize for SqlmapOptions

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.