sqlmapapi_check.py
# -*- coding: utf-8 -*-
"""
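Management script for the sqlmap injection process: it can enforce a timeout and automatically abandons a target when a likely WAF prevents injection.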
"""
import os
import sys
import json
import time
import requests
def usage():
    """Print the banner, then exit unless exactly one argument was given.

    Reads sys.argv directly. When its length is not 2, the example
    invocation is printed and sys.exit() is called without a status.
    """
    rule = '+' + '-' * 50 + '+'
    for line in (rule, '\t Python sqlmapapi_test', '\t\t Code BY:YIYANG', rule):
        print(line)
    if len(sys.argv) == 2:
        return
    print("example: sqlmapapi.py url.txt")
    sys.exit()
def task_new(server):
    """Create a task on the sqlmap API server.

    Sends GET <server>/task/new and returns the tuple (success, taskid)
    read from the JSON reply.
    """
    # NOTE(review): no timeout is passed to requests.get, so a stalled API
    # server blocks this call for as long as the connection stays open.
    reply = requests.get('/'.join((server, 'task', 'new')))
    body = reply.json()
    taskid = body['taskid']
    return (body['success'], taskid)
def task_start(server, taskid, data, headers):
    """Start the scan for *taskid* with the options in *data*.

    *data* is serialised with json.dumps and POSTed to
    <server>/scan/<taskid>/start together with *headers*. Returns the
    'success' field of the JSON reply.
    """
    # NOTE(review): the POST carries no timeout; a hung server stalls the caller.
    endpoint = '/'.join((server, 'scan', taskid, 'start'))
    payload = json.dumps(data)
    reply = requests.post(endpoint, payload, headers=headers)
    return reply.json()['success']
def task_status(server, taskid):
    """Return the 'status' field reported by <server>/scan/<taskid>/status."""
    # NOTE(review): requests.get is called without a timeout here.
    endpoint = '/'.join((server, 'scan', taskid, 'status'))
    return requests.get(endpoint).json()['status']
def task_log(server, taskid):
    """Print the newest scan log message and report whether it mentions a retry.

    Fetches <server>/scan/<taskid>/log and reads the 'log' list from the
    JSON body. Returns 1 when the last entry's message contains 'retry',
    otherwise 0 (also 0 when the log is empty, in which case nothing is
    printed).
    """
    # NOTE(review): requests.get is called without a timeout here.
    raw = requests.get('/'.join((server, 'scan', taskid, 'log'))).text
    entries = json.loads(raw)['log']
    if not entries:
        return 0
    print(entries[-1]['message'])
    return 1 if 'retry' in entries[-1]['message'] else 0
def task_data(server, taskid):
    """Return 1 if the scan produced any result data, else 0.

    Reads the 'data' field of the JSON reply from
    <server>/scan/<taskid>/data and tests its length.
    """
    # NOTE(review): requests.get is called without a timeout here.
    reply = requests.get('/'.join((server, 'scan', taskid, 'data')))
    findings = reply.json()['data']
    return 1 if len(findings) else 0
def task_stop(server, taskid):
    """Request <server>/scan/<taskid>/stop and return the reply's 'success' field."""
    # NOTE(review): requests.get is called without a timeout here.
    endpoint = '/'.join((server, 'scan', taskid, 'stop'))
    return requests.get(endpoint).json()['success']
def task_kill(server, taskid):
    """Request <server>/scan/<taskid>/kill and return the reply's 'success' field."""
    # NOTE(review): requests.get is called without a timeout here.
    endpoint = '/'.join((server, 'scan', taskid, 'kill'))
    return requests.get(endpoint).json()['success']
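def task_delete(server, taskid):
    """Ask the sqlmap API server to delete *taskid*.

    The reply is not inspected and nothing is returned.
    """
    # Upstream sqlmap registers task deletion as GET /task/<taskid>/delete.
    # The previous /scan/<taskid>/delete path is not one of its routes, so
    # finished tasks were never removed from the server.
    # NOTE(review): confirm against the sqlmapapi version deployed here.
    url = server + '/task/' + taskid + '/delete'
    requests.get(url)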
def get_url(urls):
    """Return the entries of *urls* that contain a '?', in their original order."""
    return [candidate for candidate in urls if '?' in candidate]
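if __name__ == "__main__":
    # Driver: read URLs from the file named on the command line, submit each
    # one to the local sqlmap API server, poll until the scan terminates or
    # is abandoned, and collect the targets the scan returned data for.
    usage()
    # Close the input file deterministically instead of leaking the handle.
    with open(sys.argv[1]) as url_file:
        targets = [x.rstrip() for x in url_file]
    targets = get_url(targets)
    server = 'http://127.0.0.1:8775'
    headers = {'Content-Type': 'application/json'}
    # Per-target wall-clock budget in seconds, and the number of consecutive
    # polls whose newest log line mentions 'retry' before giving up.
    max_scan_seconds = 30
    max_retry_polls = 2
    i = 0
    vuln = []
    for target in targets:
        try:
            data = {"url": target, 'batch': True, 'randomAgent': True, 'tamper': 'space2comment', 'tech': 'BT', 'timeout': 15, 'level': 1}
            i = i + 1
            flag = 0
            (new, taskid) = task_new(server)
            if new:
                print("scan created")
            else:
                print("create failed")
            start = task_start(server, taskid, data, headers)
            if start:
                print("--------------->>> start scan target %s" % i)
            else:
                print("scan can not be started")
            # Fix: take the start time once per target. It used to be reset at
            # the top of every poll, so the elapsed-time check only ever saw
            # one iteration (about 10 s) and the budget could not trigger.
            start_time = time.time()
            while start:
                status = task_status(server, taskid)
                if status == 'running':
                    print("scan running:")
                elif status == 'terminated':
                    print("scan terminated\n")
                    found = task_data(server, taskid)
                    if found:
                        print("--------------->>> congratulation! %s is vuln\n" % target)
                        with open('injection.txt', 'a') as f:
                            f.write(target + '\n')
                        vuln.append(target)
                    else:
                        print("--------------->>> the target is not vuln\n")
                    task_delete(server, taskid)
                    break
                else:
                    print("scan get some error")
                    break
                time.sleep(10)
                flag1 = task_log(server, taskid)
                # Counts consecutive 'retry' polls; any other poll resets it to 0.
                flag = (flag + 1) * flag1
                if (time.time() - start_time > max_scan_seconds) or (flag == max_retry_polls):
                    print("there maybe a strong waf or time is over,i will abandon this target.")
                    stop = task_stop(server, taskid)
                    if stop:
                        print("scan stoped")
                    else:
                        print("the scan can not be stopped")
                    kill = task_kill(server, taskid)
                    task_delete(server, taskid)
                    if kill:
                        print("scan killed")
                    else:
                        print("the scan can not be killed")
                    break
        except Exception as exc:
            # Fix: the bare `except: pass` also swallowed KeyboardInterrupt and
            # SystemExit, so the operator could not interrupt a run, and every
            # API or network failure was hidden. Report it and move on.
            print("skipping %s: %s" % (target, exc))
    for each in vuln:
        print(each + '\n')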