forked from manning23/MSpider
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAutoSqli.py
119 lines (104 loc) · 3.6 KB
/
AutoSqli.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#!/usr/bin/python
#-*-coding:utf-8-*-
import requests
import time
import json
class AutoSqli(object):
"""
使用sqlmapapi的方法进行与sqlmapapi建立的server进行交互
By Manning
"""
def __init__(self, server='', target='',data = '',referer = '',cookie = ''):
super(AutoSqli, self).__init__()
self.server = server
if self.server[-1] != '/':
self.server = self.server + '/'
self.target = target
self.taskid = ''
self.engineid = ''
self.status = ''
self.data = data
self.referer = referer
self.cookie = cookie
self.start_time = time.time()
def task_new(self):
self.taskid = json.loads(
requests.get(self.server + 'task/new').text)['taskid']
print 'Created new task: ' + self.taskid
if len(self.taskid) > 0:
return True
return False
def task_delete(self):
if json.loads(requests.get(self.server + 'task/' + self.taskid + '/delete').text)['success']:
print '[%s] Deleted task' % (self.taskid)
return True
return False
def scan_start(self):
headers = {'Content-Type': 'application/json'}
payload = {'url': self.target}
url = self.server + 'scan/' + self.taskid + '/start'
t = json.loads(
requests.post(url, data=json.dumps(payload), headers=headers).text)
self.engineid = t['engineid']
if len(str(self.engineid)) > 0 and t['success']:
print 'Started scan'
return True
return False
def scan_status(self):
self.status = json.loads(
requests.get(self.server + 'scan/' + self.taskid + '/status').text)['status']
if self.status == 'running':
return 'running'
elif self.status == 'terminated':
return 'terminated'
else:
return 'error'
def scan_data(self):
self.data = json.loads(
requests.get(self.server + 'scan/' + self.taskid + '/data').text)['data']
if len(self.data) == 0:
print 'not injection:\t'
else:
print 'injection:\t' + self.target
def option_set(self):
headers = {'Content-Type': 'application/json'}
option = {"options": {
"smart": True,
...
}
}
url = self.server + 'option/' + self.taskid + '/set'
t = json.loads(
requests.post(url, data=json.dumps(option), headers=headers).text)
print t
def scan_stop(self):
json.loads(
requests.get(self.server + 'scan/' + self.taskid + '/stop').text)['success']
def scan_kill(self):
json.loads(
requests.get(self.server + 'scan/' + self.taskid + '/kill').text)['success']
def run(self):
if not self.task_new():
return False
self.option_set()
if not self.scan_start():
return False
while True:
if self.scan_status() == 'running':
time.sleep(10)
elif self.scan_status() == 'terminated':
break
else:
break
print time.time() - self.start_time
if time.time() - self.start_time > 3000:
error = True
self.scan_stop()
self.scan_kill()
break
self.scan_data()
self.task_delete()
print time.time() - self.start_time
if __name__ == '__main__':
t = AutoSqli('http://127.0.0.1:8774', 'http://192.168.3.171/1.php?id=1')
t.run()