Basic usage of sqlmap's sqlmapapi.py

look:

stamparm commented on
24 Feb 2014

@riramar

There is currently none :). I'll just give you a quick intro.

At server side:

$ python sqlmapapi.py -s -H 0.0.0.0
[19:42:00] [INFO] Running REST-JSON API server at '0.0.0.0:8775'..
[19:42:00] [INFO] Admin ID: cfdd0c84a8ebbccf40a97fe6eaaeac9d
[19:42:00] [DEBUG] IPC database: /tmp/sqlmapipc-QUdQ7m
[19:42:00] [DEBUG] REST-JSON API server connected to IPC database

At client side:

$ curl http://127.0.0.1:8775/task/new
{
    "taskid": "4be40bb5e98a03c2",
    "success": true
}
$ curl -H "Content-Type: application/json" -X POST -d '{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}' http://127.0.0.1:8775/scan/4be40bb5e98a03c2/start
{
    "engineid": 3068,
    "success": true
}
$ curl http://127.0.0.1:8775/scan/4be40bb5e98a03c2/data
{
    "data": [],
    "success": true,
    "error": []
}
$ curl http://127.0.0.1:8775/scan/4be40bb5e98a03c2/log
{
    "log": [
        {
            "message": "testing connection to the target URL",
            "level": "INFO",
            "time": "19:44:23"
        },
        {
            "message": "testing if the target URL is stable. This can take a couple of seconds",
            "level": "INFO",
            "time": "19:44:24"
        },
        {
            "message": "target URL is stable",
            "level": "INFO",
            "time": "19:44:25"
        },
        {
            "message": "testing if GET parameter 'artist' is dynamic",
            "level": "INFO",
            "time": "19:44:25"
        },
        {
            "message": "confirming that GET parameter 'artist' is dynamic",
            "level": "INFO",
            "time": "19:44:25"
        },
        {
            "message": "GET parameter 'artist' is dynamic",
            "level": "INFO",
            "time": "19:44:26"
        },
        {
            "message": "heuristic (basic) test shows that GET parameter 'artist' might be injectable (possible DBMS: 'MySQL')",
            "level": "INFO",
            "time": "19:44:26"
        },
        {
            "message": "testing for SQL injection on GET parameter 'artist'",
            "level": "INFO",
            "time": "19:44:26"
        },
        {
            "message": "testing 'AND boolean-based blind - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "19:44:26"
        },
        {
            "message": "GET parameter 'artist' seems to be 'AND boolean-based blind - WHERE or HAVING clause' injectable ",
            "level": "INFO",
            "time": "19:44:27"
        },
        {
            "message": "testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "19:44:27"
        },
        {
            "message": "testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'",
            "level": "INFO",
            "time": "19:44:27"
        },
        {
            "message": "testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'",
            "level": "INFO",
            "time": "19:44:28"
        },
        {
            "message": "testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "19:44:28"
        },
        {
            "message": "testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "19:44:28"
        },
        {
            "message": "testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)'",
            "level": "INFO",
            "time": "19:44:29"
        },
        {
            "message": "testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)'",
            "level": "INFO",
            "time": "19:44:29"
        },
        {
            "message": "testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "19:44:29"
        },
        {
            "message": "testing 'MySQL OR error-based - WHERE or HAVING clause'",
            "level": "INFO",
            "time": "19:44:29"
        },
        {
            "message": "testing 'MySQL >= 5.0 error-based - Parameter replace'",
            "level": "INFO",
            "time": "19:44:30"
        },
        {
            "message": "testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'",
            "level": "INFO",
            "time": "19:44:30"
        },
        {
            "message": "testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'",
            "level": "INFO",
            "time": "19:44:30"
        },
        {
            "message": "testing 'MySQL inline queries'",
            "level": "INFO",
            "time": "19:44:30"
        },
        {
            "message": "testing 'MySQL > 5.0.11 stacked queries'",
            "level": "INFO",
            "time": "19:44:31"
        },
        {
            "message": "testing 'MySQL < 5.0.12 stacked queries (heavy query)'",
            "level": "INFO",
            "time": "19:44:31"
        },
        {
            "message": "testing 'MySQL > 5.0.11 AND time-based blind'",
            "level": "INFO",
            "time": "19:44:31"
        },
        {
            "message": "GET parameter 'artist' seems to be 'MySQL > 5.0.11 AND time-based blind' injectable ",
            "level": "INFO",
            "time": "19:44:42"
        },
        {
            "message": "testing 'MySQL UNION query (NULL) - 1 to 20 columns'",
            "level": "INFO",
            "time": "19:44:42"
        },
        {
            "message": "automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found",
            "level": "INFO",
            "time": "19:44:42"
        },
        {
            "message": "ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test",
            "level": "INFO",
            "time": "19:44:42"
        },
        {
            "message": "target URL appears to have 3 columns in query",
            "level": "INFO",
            "time": "19:44:43"
        },
        {
            "message": "GET parameter 'artist' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable",
            "level": "INFO",
            "time": "19:44:44"
        },
        {
            "message": "the back-end DBMS is MySQL",
            "level": "INFO",
            "time": "19:44:45"
        }
    ],
    "success": true
}
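
When reviewing the outcome of an authorized scan, the log response shown above can be reduced to the few entries that carry a result. The following is an added example, not part of the quoted comment or of sqlmap itself; the function name `summarize_log` and the embedded sample (abbreviated from the response above) are assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample: abbreviated from the /scan/<taskid>/log response above.
SAMPLE = json.loads("""
{"log": [
 {"message": "testing connection to the target URL", "level": "INFO", "time": "19:44:23"},
 {"message": "GET parameter 'artist' seems to be 'AND boolean-based blind - WHERE or HAVING clause' injectable ", "level": "INFO", "time": "19:44:27"},
 {"message": "GET parameter 'artist' seems to be 'MySQL > 5.0.11 AND time-based blind' injectable ", "level": "INFO", "time": "19:44:42"},
 {"message": "GET parameter 'artist' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable", "level": "INFO", "time": "19:44:44"},
 {"message": "the back-end DBMS is MySQL", "level": "INFO", "time": "19:44:45"}
], "success": true}
""")

FINDING = re.compile(r"^(\w+) parameter '(.+?)' (seems to be|is) '(.+)' injectable\s*$")
DBMS = re.compile(r"^the back-end DBMS is (.+)$")


def summarize_log(response):
    """Reduce a log response to findings, back-end DBMS and elapsed seconds."""
    if not response.get("success"):
        raise ValueError("API reported failure: %r" % response.get("message"))
    entries = response.get("log", [])
    findings, dbms = [], None
    for entry in entries:
        # Normalise typographic quotes that creep in when logs are pasted.
        msg = entry["message"].replace("\u2018", "'").replace("\u2019", "'")
        m = FINDING.match(msg)
        if m:
            place, param, verb, technique = m.groups()
            findings.append({"place": place, "parameter": param,
                             "technique": technique, "confirmed": verb == "is"})
        m = DBMS.match(msg)
        if m:
            dbms = m.group(1)
    elapsed = 0
    if entries:
        # Log times carry no date, so allow for a scan that crosses midnight.
        first = datetime.strptime(entries[0]["time"], "%H:%M:%S")
        last = datetime.strptime(entries[-1]["time"], "%H:%M:%S")
        if last < first:
            last += timedelta(days=1)
        elapsed = int((last - first).total_seconds())
    return {"findings": findings, "dbms": dbms, "elapsed_seconds": elapsed}
```

Entries worded "seems to be" are kept apart from those worded "is", so a report can separate tentative results from confirmed ones.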

This may be a better way to invoke sqlmap; that is as far as I have looked into it for now.

Time: 2024-10-09 03:22:56
