About calling SQLmapapi

December 16, 2021

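Introduction to SQLmap

SQLMAP is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and the takeover of database servers. It has a powerful detection engine and provides a variety of penetration testing options for different types of databases, covering database fingerprinting, data retrieval, access to the DBMS and the operating system, and even execution of operating-system commands over out-of-band connections.

SQLmap source code download

Without further ado, here is the code.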

import json
import time

import requests


def sqlmap_check(service, url):
    # Request body shared by the option-set and scan-start calls
    datas = json.dumps({'url': url})
    headers = {'Content-Type': 'application/json'}
    # Create a new task on the sqlmapapi server
    data = requests.get(service + '/task/new')
    if data.status_code == 200:
        taskids = data.json()['taskid']
        print('creat task success!\ntaskid = ' + taskids)
        # Set the target URL as an option of the task
        set_task_url = service + '/option/' + taskids + '/set'
        set_task_data = requests.post(url=set_task_url, data=datas, headers=headers)
        # Check the JSON "success" flag: the key is present in failure replies too
        if set_task_data.json().get('success'):
            check_url = service + '/scan/' + taskids + '/start'
            start_check = requests.post(url=check_url, data=datas, headers=headers)
            if start_check.json().get('success'):
                print('***************SCAN***************')
                print("开始任务:{} URL:{}".format(taskids, url))
                while True:
                    scan_url = service + '/scan/' + taskids + '/status'
                    data = requests.get(scan_url)
                    # Compare the status field exactly: "not running" also contains "running"
                    if data.json().get('status') == 'running':
                        print('正在检测URL:{}'.format(url))
                        time.sleep(5)
                    else:
                        # Scan is no longer running: fetch the results and append them to the report file
                        scan_data = service + '/scan/' + taskids + '/data'
                        scan_url_data = requests.get(scan_data)
                        scan_sesults = scan_url_data.content.decode('utf-8')
                        head = str('**********{}检测状态**********\n'.format(url))
                        bottom = str('**********{}检测结束**********\n'.format(url))
                        content = head + scan_sesults + '\n' + bottom + '\n' + '\n' + '\n'
                        with open('scan_data.txt', 'a+', encoding='utf-8') as f:
                            f.write(content)
                        print('URL:{}检测结束'.format(url))
                        # Kill the task once its results have been saved
                        kill_task_url = service + '/scan/' + taskids + '/kill'
                        requests.get(kill_task_url)
                        print('已结束{}扫描'.format(url))
                        break
            else:
                print('creat scan fail!')
        else:
            print('set option fail!')
    else:
        print('creat task fail!')


if __name__ == '__main__':
    # url.txt holds one target URL per line
    with open('url.txt') as f:
        for line in f:
            urls = line.strip()
            if not urls:
                continue
            print(urls)
            sqlmap_check('http://127.0.0.1:8775', urls)


Screenshot of the run
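The script above appends the raw `/scan/<taskid>/data` response to scan_data.txt. As an added example (not code from the original post), the following turns that JSON into a short per-parameter summary that can go into a test report. The response layout, the `TECHNIQUES` type code, the sample response and the helper name `summarize_scan_data` are assumptions made for illustration.

```python
import json

TECHNIQUES = 1  # assumed content-type code of the injection-point list

# Constructed sample response (assumed layout, placeholder target, no payloads).
SAMPLE_RESPONSE = json.dumps({
    "success": True,
    "data": [
        {"status": 1, "type": 0, "value": {"url": "http://testsite.example/item.php"}},
        {"status": 1, "type": TECHNIQUES, "value": [{
            "place": "GET", "parameter": "id", "dbms": "MySQL",
            "data": {
                "1": {"title": "AND boolean-based blind - WHERE or HAVING clause"},
                "5": {"title": "MySQL >= 5.0.12 AND time-based blind (query SLEEP)"},
            },
        }]},
    ],
    "error": [],
})


def summarize_scan_data(raw):
    """Return (vulnerable, findings, errors) for one raw JSON response string."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return False, [], ["response is not valid JSON"]
    if not isinstance(doc, dict) or not doc.get("success"):
        message = doc.get("message") if isinstance(doc, dict) else None
        return False, [], [message or "request failed"]
    findings = []
    for item in doc.get("data") or []:
        if item.get("type") != TECHNIQUES:
            continue  # skip target info and other content types
        for point in item.get("value") or []:
            tests = point.get("data") or {}
            findings.append({
                "place": point.get("place"),
                "parameter": point.get("parameter"),
                "dbms": point.get("dbms"),
                "techniques": [tests[k].get("title", "") for k in sorted(tests)],
            })
    return bool(findings), findings, list(doc.get("error") or [])


if __name__ == "__main__":
    vulnerable, findings, errors = summarize_scan_data(SAMPLE_RESPONSE)
    print("vulnerable:", vulnerable)
    for f in findings:
        print("{place} parameter '{parameter}' ({dbms}): {n} technique(s)".format(n=len(f["techniques"]), **f))
```

An empty `data` list is reported as not vulnerable, and a reply with `"success": false` is returned as an error instead of being written out as a result.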