Hey everyone 
[DEVLOG / RELEASE] SQLMAP SKYNET - MCP-controlled workflow + RAG memory + clean reporting
Small devlog + release post about something I’ve been building: SQLMAP SKYNET.
I love sqlmap, but real-world usage can get messy fast:
multiple runs, different flags, lost context, terminal spam, then you still have to build a clean report.
So SKYNET is my attempt to make sqlmap feel like a proper operator tool:
structured phases, visible progress, repeatable results, and evidence-ready output.
Authorized testing only (your own systems / written permission).
What SKYNET adds on top of sqlmap
MCP “Agent Mode”
This is the control layer. Instead of treating scans like one giant command, SKYNET exposes scan actions like tools:
RAG Memory (your playbook that grows)
RAG is used in a practical way — not “guessing”, but remembering:
Phased scanning (less noise, more control)
Instead of blasting everything at once, SKYNET runs in phases so you can go deeper only when the signal is real:
Dashboard + Evidence-first reports
Download / Source
If you download it and it’s useful, please consider leaving a
star — it helps the project a lot 
I’m curious:
Would you rather SKYNET default to fast + minimal (quiet logs, quick answers),
or safe + verbose (more checks, more evidence, slower but cleaner)?
[DEVLOG / RELEASE] SQLMAP SKYNET - MCP-controlled workflow + RAG memory + clean reporting
Small devlog + release post about something I’ve been building: SQLMAP SKYNET.
I love sqlmap, but real-world usage can get messy fast:
multiple runs, different flags, lost context, terminal spam, then you still have to build a clean report.
So SKYNET is my attempt to make sqlmap feel like a proper operator tool:
structured phases, visible progress, repeatable results, and evidence-ready output.
Authorized testing only (your own systems / written permission).What SKYNET adds on top of sqlmap
MCP “Agent Mode” This is the control layer. Instead of treating scans like one giant command, SKYNET exposes scan actions like tools:
- Start/stop a run
- Execute a specific phase (Detect / Verify / Enumerate / Export)
- Stream logs in real time
- Pull results + export reports when ready
RAG Memory (your playbook that grows) RAG is used in a practical way — not “guessing”, but remembering:
- What worked per target (headers/cookies/options)
- What failed and why (WAF pattern, rate limit, missing auth)
- Known-good profiles you can reuse so you don’t start from zero
Phased scanning (less noise, more control) Instead of blasting everything at once, SKYNET runs in phases so you can go deeper only when the signal is real:
- Detect → confirm injection path
- Verify → stability/confidence checks
- Enumerate → DB/tables/users (when allowed)
- Export → evidence + reports
Dashboard + Evidence-first reports- Dashboard = live visibility (no more “where did it fail?” guessing)
- Reports = HTML / TXT / JSON with a cleaner scan story + command history
Download / Source
- Download (Latest Release):
You must be registered for see links
If you download it and it’s useful, please consider leaving a
star — it helps the project a lot I’m curious:
Would you rather SKYNET default to fast + minimal (quiet logs, quick answers),
or safe + verbose (more checks, more evidence, slower but cleaner)?
Hey everyone
[DEVLOG / RELEASE] SQLMAP SKYNET - MCP-controlled workflow + RAG memory + clean reporting
Small devlog + release post about something I've been building: SQLMAP SKYNET .
I love sqlmap, but real-world usage can get messy fast:
multiple runs, different flags, lost context, terminal spam, then you still have to build a clean report.
So SKYNET is my attempt to make sqlmap feel like a proper operator tool :
structured phases, visible progress, repeatable results, and evidence-ready output.
What SKYNET adds on top of sqlmap
This is the control layer. Instead of treating scans like one giant command, SKYNET exposes scan actions like tools:
The idea is: clean automation and consistent workflow (works with dashboard or headless).
- Start/stop a run
- Execute a specific phase (Detect / Verify / Enumerate / Export)
- Stream logs in real time
- Pull results + export reports when ready
RAG is used in a practical way — not “guessing”, but remembering:
This is the part that saves the most time in repeated testing.
- What worked per target (headers/cookies/options)
- What failed and why (WAF pattern, rate limit, missing auth)
- Known-good profiles you can reuse so you don't start from zero
Instead of blasting everything at once, SKYNET runs in phases so you can go deeper only when the signal is real:
- Detect → confirm injection path
- Verify → stability/confidence checks
- Enumerate → DB/tables/users (when allowed)
- Export → evidence + reports
- Dashboard = live visibility (no more “where did it fail?” guessing)
- Reports = HTML / TXT / JSON with a cleaner scan story + command history
Download / Source
- Download Full Source code :
You must be registered for see links
If you download it and it's useful, please consider leaving a
I'm curious:
Would you rather SKYNET default to fast + minimal (quiet logs, quick answers),
or safe + verbose (more checks, more evidence, slower but cleaner)?