0x00前言:
大家都知道sqlmap是非常强大的sql注入工具,最近发现他有个sqlmap API,上网查了一下。发现这是
sqlmap的微端。(可以叫做sqlmap在线检测sql注入= =)
0x001准备:
环境:
Ubuntu 16.04
Python3
Python2
用到的库:requests,parform,os
0x002正文:
首先我们来启动sqlmapapi
sqlmapi -s
出现如下图就成功了:
sqlmapapi介绍:
http://127.0.0.1:8775/task/new 创建一个新的任务 GET请求
http://127.0.0.1:8775/scan/id + 要请求的值 并设置header头为(Content-Type:application/json) post请求 (这里的ID就是刚刚new的时候获取到的)
http://127.0.01:8775/scan/id/status 查看状态 GET请求
http://127.0.0.1:8775/scan/id/data 查看扫描结果 如果扫描结果返回空则代表无sql注入,如果返回不是空则有sql注入 GET请求
http://127.0.0.1:8775/task/delete 删除一个ID GET请求
http://127.0.0.1:8775/scan/kalii 杀死一个进程 GET请求
http://127.0.0.1:8775/scan/logo 查看扫描日志
http://127.0.0.1:8775/scan/stop 停止扫描
代码:
import requests import json import platform import os logo="#sqlmap api制作" \ "#九世制作" print(logo) print('[1]Manually open sqlmapapi') print('[2]Automatically open sqlmapapi') while True: start=input("Please choose:") if start == "1": print('[*]You choose to open sqlmapapi manually') break elif start == "2": print('[*]You choose to automatically open sqlmapapi') os.system('sqlmapapi.py -s') break else: print('[-]There is no choice') continue while True: user=input('Please enter the web site you want to scan:') if user==None: print('[-]You have nothing to enter') continue else: break vsersion=platform.uname() for p in vsersion: print('[*]Your operating system type is:{}'.format(p)) print(' ') def sqlmap(host): urlnew="http://127.0.0.1:8775/task/new" urlscan="http://127.0.0.1:8775/scan/" headers={"user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"} pd=requests.get(url=urlnew,headers=headers) print('[*]New task') jsons=pd.json() print("[*]id:",jsons['taskid']) print("[*]success:",jsons["success"]) id=jsons['taskid'] scan=urlscan+id+"/start" print("[*]scanurl:",scan) data=json.dumps({"url":"{}".format(host)}) headerss={"Content-Type":"application/json"} scans=requests.post(url=scan,headers=headerss,data=data) swq=scans.json() print('--------SCAN-----------') print('[*]scanid:',swq["engineid"]) print('[*]scansuccess:',swq["success"]) print('--------STATUS---------') status="http://127.0.0.1:8775/scan/{}/status".format(id) print(status) while True: staw=requests.get(url=status,headers=headers) if staw.json()['status'] == 'terminated': datas=requests.get(url='http://127.0.0.1:8775/scan/{}/data'.format(id)) dat=datas.json()['data'] print('[*]data:',dat) break elif staw.json()['status'] == 'running': continue sqlmap(user.strip())
扫描结果:
插入一曲BGM: