Unofficial SQLmap RESTful API documentation (that is, sqlmapapi.py)

I have recently wanted to look into sqlmapapi.py, and this is the first write-up I found.

from: http://volatile-minds.blogspot.jp/2013/04/unofficial-sqlmap-restful-api.html

This isn't comprehensive, just the most useful methods. I haven't found any docs on
the API yet but wanted to play with it. :)


The full list of available methods is:


@get("/task/new")
@get("/task/<taskid>/delete")
@get("/admin/<taskid>/list")
@get("/admin/<taskid>/flush")
@get("/option/<taskid>/list")
@post("/option/<taskid>/get")
@post("/option/<taskid>/set")
@post("/scan/<taskid>/start")
@get("/scan/<taskid>/stop")
@get("/scan/<taskid>/kill")
@get("/scan/<taskid>/status")
@get("/scan/<taskid>/data")
@get("/scan/<taskid>/log/<start>/<end>")
@get("/scan/<taskid>/log")
@get("/download/<taskid>/<target>/<filename:path>")

These are the methods I have been using


GET /task/new

Response:

{
    "taskid": "1d47d7f046df1504"
}

GET /task/<task_id>/delete

Response:

{
    "success": true
}

GET /option/<task_id>/list

Response:

{
    "options": {
        "crawlDepth": null,
        "osShell": false,
        "getUsers": false,
        "getPasswordHashes": false,
        "excludeSysDbs": false,
        "uChar": null,
        "regData": null,
        "cpuThrottle": 5,
        "prefix": null,
        "code": null,
        "googlePage": 1,
        "query": null,
        "randomAgent": false,
        "delay": 0,
        "isDba": false,
        "requestFile": null,
        "predictOutput": false,
        "wizard": false,
        "stopFail": false,
        "forms": false,
        "taskid": "73674cc5eace4ac7",
        "skip": null,
        "dropSetCookie": false,
        "smart": false,
        "risk": 1,
        "sqlFile": null,
        "rParam": null,
        "getCurrentUser": false,
        "notString": null,
        "getRoles": false,
        "getPrivileges": false,
        "testParameter": null,
        "tbl": null,
        "charset": null,
        "trafficFile": null,
        "osSmb": false,
        "level": 1,
        "secondOrder": null,
        "pCred": null,
        "timeout": 30,
        "firstChar": null,
        "updateAll": false,
        "binaryFields": false,
        "checkTor": false,
        "aType": null,
        "direct": null,
        "saFreq": 0,
        "tmpPath": null,
        "titles": false,
        "getSchema": false,
        "identifyWaf": false,
        "checkWaf": false,
        "regKey": null,
        "limitStart": null,
        "loadCookies": null,
        "dnsName": null,
        "csvDel": ",",
        "oDir": null,
        "osBof": false,
        "invalidLogical": false,
        "getCurrentDb": false,
        "hexConvert": false,
        "answers": null,
        "host": null,
        "dependencies": false,
        "cookie": null,
        "proxy": null,
        "regType": null,
        "optimize": false,
        "limitStop": null,
        "mnemonics": null,
        "uFrom": null,
        "noCast": false,
        "testFilter": null,
        "eta": false,
        "threads": 1,
        "logFile": null,
        "os": null,
        "col": null,
        "rFile": null,
        "verbose": 1,
        "aCert": null,
        "torPort": null,
        "privEsc": false,
        "forceDns": false,
        "getAll": false,
        "api": true,
        "url": null,
        "invalidBignum": false,
        "regexp": null,
        "getDbs": false,
        "freshQueries": false,
        "uCols": null,
        "smokeTest": false,
        "pDel": null,
        "wFile": null,
        "udfInject": false,
        "tor": false,
        "forceSSL": false,
        "beep": false,
        "saveCmdline": false,
        "configFile": null,
        "scope": null,
        "dumpAll": false,
        "torType": "HTTP",
        "regVal": null,
        "dummy": false,
        "commonTables": false,
        "search": false,
        "skipUrlEncode": false,
        "referer": null,
        "liveTest": false,
        "purgeOutput": false,
        "retries": 3,
        "extensiveFp": false,
        "dumpTable": false,
        "database": "/tmp/sqlmapipc-EmjjlQ",
        "batch": true,
        "headers": null,
        "flushSession": false,
        "osCmd": null,
        "suffix": null,
        "dbmsCred": null,
        "regDel": false,
        "shLib": null,
        "nullConnection": false,
        "timeSec": 5,
        "msfPath": null,
        "noEscape": false,
        "getHostname": false,
        "sessionFile": null,
        "disableColoring": true,
        "getTables": false,
        "agent": null,
        "lastChar": null,
        "string": null,
        "dbms": null,
        "tamper": null,
        "hpp": false,
        "runCase": null,
        "osPwn": false,
        "evalCode": null,
        "cleanup": false,
        "getBanner": false,
        "profile": false,
        "regRead": false,
        "bulkFile": null,
        "safUrl": null,
        "db": null,
        "dumpFormat": "CSV",
        "alert": null,
        "user": null,
        "parseErrors": false,
        "aCred": null,
        "getCount": false,
        "dFile": null,
        "data": null,
        "regAdd": false,
        "ignoreProxy": false,
        "getColumns": false,
        "mobile": false,
        "googleDork": null,
        "sqlShell": false,
        "pageRank": false,
        "tech": "BEUSTQ",
        "textOnly": false,
        "commonColumns": false,
        "keepAlive": false
    }
}

POST /option/<task_id>/set -- Content-Type:application/json

Request:

{ "msfPath" : "/path/to/metasploit/framework" }

Response:

{
    "success": true
}

POST /scan/<task_id>/start -- Content-Type:application/json

Request (optional):

{ "url" : "192.168.1.250/index.php?wut=injectable" }

Response:

{
    "engineid": 16784,
    "success": true
}

GET /scan/<task_id>/log

Response:

{
    "log": [
        {
            "message": "testing connection to the target URL",
            "level": "INFO",
            "time": "14:11:23"
        },
        {
            "message": "testing if the target URL is stable. This can take a couple of seconds",
            "level": "INFO",
            "time": "14:11:24"
        },
        {
            "message": "target URL is stable",
            "level": "INFO",
            "time": "14:11:26"
        },
        {
            "message": "no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')",
            "level": "CRITICAL",
            "time": "14:11:26"
        },
        {
            "message": "testing connection to the target URL",
            "level": "INFO",
            "time": "14:17:30"
        },
        {
            "message": "testing if the target URL is stable. This can take a couple of seconds",
            "level": "INFO",
            "time": "14:17:31"
        },
        {
            "message": "target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on",
            "level": "WARNING",
            "time": "14:17:33"
        },
        {
            "message": "testing if GET parameter 'PAGE' is dynamic",
            "level": "INFO",
            "time": "14:17:33"
        },
        {
            "message": "confirming that GET parameter 'PAGE' is dynamic",
            "level": "INFO",
            "time": "14:17:33"
        },
        {
            "message": "GET parameter 'PAGE' does not appear dynamic",
            "level": "WARNING",
            "time": "14:17:33"
        },
        {
            "message": "reflective value(s) found and filtering out",
            "level": "WARNING",
            "time": "14:17:33"
        },
        {
            "message": "heuristic (basic) test shows that GET parameter 'PAGE' might not be injectable",
            "level": "WARNING",
            "time": "14:17:33"
        },
        {
            "message": "testing for SQL injection on GET parameter 'PAGE'",
            "level": "INFO",
            "time": "14:17:34"
        },
        {
            "message": "testing 'AND boolean-based blind - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "14:17:34"
        },
        {
            "message": "testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "14:17:34"
        },
        {
            "message": "testing 'PostgreSQL AND error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "14:17:34"
        },
        {
            "message": "testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "14:17:34"
        },
        {
            "message": "testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'",
            "level": "INFO",
            "time": "14:17:35"
        },
        {
            "message": "testing 'MySQL inline queries'",
            "level": "INFO",
            "time": "14:17:35"
        },
        {
            "message": "testing 'PostgreSQL inline queries'",
            "level": "INFO",
            "time": "14:17:35"
        },
        {
            "message": "testing 'Microsoft SQL Server/Sybase inline queries'",
            "level": "INFO",
            "time": "14:17:35"
        },
        {
            "message": "testing 'Oracle inline queries'",
            "level": "INFO",
            "time": "14:17:35"
        },
        {
            "message": "testing 'SQLite inline queries'",
            "level": "INFO",
            "time": "14:17:35"
        },
        {
            "message": "testing 'MySQL > 5.0.11 stacked queries'",
            "level": "INFO",
            "time": "14:17:36"
        },
        {
            "message": "testing 'PostgreSQL > 8.1 stacked queries'",
            "level": "INFO",
            "time": "14:17:36"
        },
        {
            "message": "testing 'Microsoft SQL Server/Sybase stacked queries'",
            "level": "INFO",
            "time": "14:17:36"
        },
        {
            "message": "testing 'MySQL > 5.0.11 AND time-based blind'",
            "level": "INFO",
            "time": "14:17:36"
        },
        {
            "message": "testing 'PostgreSQL > 8.1 AND time-based blind'",
            "level": "INFO",
            "time": "14:17:37"
        },
        {
            "message": "testing 'Microsoft SQL Server/Sybase time-based blind'",
            "level": "INFO",
            "time": "14:17:37"
        },
        {
            "message": "testing 'Oracle AND time-based blind'",
            "level": "INFO",
            "time": "14:17:37"
        },
        {
            "message": "testing 'MySQL UNION query (NULL) - 1 to 10 columns'",
            "level": "INFO",
            "time": "14:17:37"
        },
        {
            "message": "testing 'Generic UNION query (NULL) - 1 to 10 columns'",
            "level": "INFO",
            "time": "14:17:38"
        },
        {
            "message": "using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'",
            "level": "WARNING",
            "time": "14:17:38"
        },
        {
            "message": "GET parameter 'PAGE' is not injectable",
            "level": "WARNING",
            "time": "14:17:39"
        },
        {
            "message": "all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp')",
            "level": "CRITICAL",
            "time": "14:17:40"
        },
        {
            "message": "HTTP error codes detected during run:\n404 (Not Found) - 183 times",
            "level": "WARNING",
            "time": "14:17:40"
        }
    ]
}

GET /scan/<task_id>/status

Response:

{
    "status": "terminated",
    "returncode": 0
}
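
The log and status responses above are easier to triage once reduced to a few facts. The following Python example is added here and is not from the original post or the sqlmap project; it summarises a /scan/<task_id>/log body together with a /scan/<task_id>/status body. The summarize function, the sample input, and the rule that each "testing connection to the target URL" entry opens a new run are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: entries taken from the log response above; one entry deliberately
# uses typographic quotes to exercise the normalisation step.
SAMPLE_LOG = {"log": [
    {"message": "testing connection to the target URL", "level": "INFO", "time": "14:11:23"},
    {"message": "no parameter(s) found for testing in the provided data "
                "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')",
     "level": "CRITICAL", "time": "14:11:26"},
    {"message": "testing connection to the target URL", "level": "INFO", "time": "14:17:30"},
    {"message": "GET parameter \u2018PAGE\u2018 is not injectable",
     "level": "WARNING", "time": "14:17:39"},
    {"message": "HTTP error codes detected during run:\n404 (Not Found) - 183 times",
     "level": "WARNING", "time": "14:17:40"},
]}
SAMPLE_STATUS = {"status": "terminated", "returncode": 0}

QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'"})  # typographic -> ASCII quotes
RUN_START = "testing connection to the target URL"     # assumption: opens every run
NOT_INJECTABLE = re.compile(r"(\S+) parameter '([^']+)' is not injectable")
HTTP_ERRORS = re.compile(r"(\d{3}) \([^)]*\) - (\d+) times")


def summarize(log_body, status_body):
    """Reduce a log response and a status response to the facts worth triaging."""
    levels, verdicts, http_errors, critical, runs = Counter(), [], Counter(), [], 0
    for entry in log_body.get("log", []):
        msg = str(entry.get("message", "")).translate(QUOTES)
        levels[entry.get("level", "UNKNOWN")] += 1
        runs += msg == RUN_START                      # the task log spans every run
        verdicts += [m.groups() for m in NOT_INJECTABLE.finditer(msg)]
        for code, count in HTTP_ERRORS.findall(msg):  # e.g. "404 (Not Found) - 183 times"
            http_errors[int(code)] += int(count)
        if entry.get("level") == "CRITICAL":
            critical.append((entry.get("time"), msg))
    return {
        "finished": status_body.get("status") == "terminated",
        "returncode": status_body.get("returncode"),
        "runs": runs, "levels": dict(levels),
        "not_injectable": verdicts, "http_errors": dict(http_errors),
        "critical": critical,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, SAMPLE_STATUS).items():
        print(f"{key}: {value}")
```

A returncode of 0 only says the engine exited cleanly; the CRITICAL entries and the HTTP error counts are what show whether the run actually tested anything.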
Time: 2024-08-05 11:16:24
