I would like to test my website for SQL injection using sqlmap. I'm using mod_rewrite and my URL looks like this:
http://www.example.com/forum/&nav_page=1
(where nav_page is the parameter name and 1 is value)
The problem I'm having is that I can't find a way to tell sqlmap to perform the injection test just on the value.
The URL also not contain the ? sign because it's SEO friendly.
Your ideas of seo-frienliness are quite vague. It is not symbols that make an url look "seo-friendly". It's technology that doesn't involve parameter names and values.
So, you have to decide either you are using query string parameters or not. If not - make your urls real seo-friendly. like http://www.example.com/forum/nav_page1/
If you still want to use query string variables - then use them properly, using ? mark to define a query string.