Security Python Development: sqlmapapi & Tamper & Pocsuite
Yatming's Blog
Using the sqlmap API to automate SQL injection testing
Use case: reconnaissance yields a large number of URLs, and the sqlmap API is then used to run batch SQL injection checks against them (SRC bug-bounty hunting).
- Create a new task and record its task ID: @get("/task/new")
- Set the scan options for that task ID: @post("/option/<taskid>/set")
- Start the scan for that task ID: @post("/scan/<taskid>/start")
- Read the scan status to tell when it has finished: @get("/scan/<taskid>/status")
- Once finished, delete the task ID: @get("/task/<taskid>/delete")
- View the scan results: @get("/scan/<taskid>/data")
First, change into the sqlmap directory and start the API server with the command: python sqlmapapi.py -s


Code 1:

```python
import requests, json

# 1. create a new task and record its id
task_new_url = 'http://127.0.0.1:8775/task/new'
resp = requests.get(task_new_url)
task_id = resp.json()['taskid']
print(task_id)

# 2. set the target url for that task (options are sent as a JSON body)
data = {
    "url": "http://127.0.0.1/sqli-labs-master/Less-2/?id=1"
}
headers = {
    "Content-Type": "application/json"
}
task_set_url = "http://127.0.0.1:8775/option/" + str(task_id) + "/set"
task_set_resp = requests.post(task_set_url, data=json.dumps(data), headers=headers)
print(task_set_resp.json())

# 3. start the scan
task_start_url = "http://127.0.0.1:8775/scan/" + str(task_id) + "/start"
task_start_resp = requests.post(task_start_url, data=json.dumps(data), headers=headers)
print(task_start_resp.json())

# 4. read the scan status
task_status_url = "http://127.0.0.1:8775/scan/" + str(task_id) + "/status"
task_status_resp = requests.get(task_status_url)
print(task_status_resp.json())
```
Then open the task's data endpoint in a browser:

http://127.0.0.1:8775/scan/43299c324c1539a8/data

Here 43299c324c1539a8 is the task_id printed by the script.

Because every run of Code 1 creates a fresh task, the flow needs tidying up so that a single task is created, scanned to completion and then removed. The version below uses if statements to check that each step reported success before moving on to the next.
sqlmapapi plus
```python
import time
import requests, json


def sqlmapapi(url):
    data = {
        "url": url
    }
    headers = {
        "Content-Type": "application/json"
    }

    # create a task; each later step only runs if the previous one reported success
    task_new_url = 'http://127.0.0.1:8775/task/new'
    resp = requests.get(task_new_url)
    task_id = resp.json()['taskid']

    if 'success' in resp.content.decode('utf-8'):
        print('sqlmapapi task create success!')
        task_set_url = "http://127.0.0.1:8775/option/" + task_id + "/set"
        task_set_resp = requests.post(task_set_url, data=json.dumps(data), headers=headers)

        if 'success' in task_set_resp.content.decode('utf-8'):
            print('sqlmapapi task set success!')
            task_start_url = "http://127.0.0.1:8775/scan/" + task_id + "/start"
            task_start_resp = requests.post(task_start_url, data=json.dumps(data), headers=headers)

            if 'success' in task_start_resp.content.decode('utf-8'):
                print('sqlmapapi task start success!')
                # poll the status every 3 seconds until the scan is no longer running
                while 1:
                    task_status_url = "http://127.0.0.1:8775/scan/" + task_id + "/status"
                    task_status_resp = requests.get(task_status_url)
                    if 'running' in task_status_resp.content.decode('utf-8'):
                        print('sqlmapapi task scan running!-->' + url)
                    else:
                        # fetch the result, append it to scan_result.txt, then delete the task
                        task_data_url = "http://127.0.0.1:8775/scan/" + task_id + "/data"
                        task_data_resp = requests.get(task_data_url).content.decode('utf-8')
                        print(task_data_resp)
                        with open(r'scan_result.txt', 'a+') as f:
                            f.write(url + '\n')
                            f.write(task_data_resp + '\n')
                            f.write('==========python sqlmapapi by yatming==========' + '\n')
                        task_delete_url = "http://127.0.0.1:8775/task/" + task_id + "/delete"
                        task_delete_resp = requests.get(task_delete_url)
                        if 'success' in task_delete_resp.content.decode('utf-8'):
                            print('delete taskid success!')
                        break
                    time.sleep(3)


if __name__ == '__main__':
    # url.txt holds one target URL per line
    for url in open('url.txt'):
        url = url.replace('\n', '')
        sqlmapapi(url)
```
url.txt: the target list read by the script, one URL per line.

Results after scanning (written to scan_result.txt):
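The endpoint list at the top of the post and the improved script above drive the same six calls. As an added example, not code from the post, here is a client that checks the JSON `success` and `status` fields rather than searching the response body for the word "success" (which also matches `"success": false`), caps the number of status polls, and deletes the task in a `finally` block so a failed step does not leave tasks piling up on the API server. `FakeSqlmapApi` is a constructed stand-in for a running `python sqlmapapi.py -s` so the flow can be exercised offline; the data shape it returns, and the assumption that sqlmap's `CONTENT_TYPE.TECHNIQUES` is `1`, are mine, not the post's.

```python
# Added example (not the post's own code): a sqlmapapi client that checks the JSON
# "success" and "status" fields instead of searching the response body for substrings,
# bounds the polling loop, and deletes the task even when a step fails. FakeSqlmapApi is
# a constructed stand-in for "python sqlmapapi.py -s" so the flow runs offline; pass
# requests.Session() as http to talk to the real server on 127.0.0.1:8775.
import json
import time


class SqlmapApiClient:
    def __init__(self, base="http://127.0.0.1:8775", http=None, poll_interval=3, max_polls=400):
        if http is None:
            import requests  # only needed when talking to a real server
            http = requests.Session()
        self.base, self.http = base, http
        self.poll_interval, self.max_polls = poll_interval, max_polls

    def _get(self, path):
        r = self.http.get(self.base + path, timeout=10)
        r.raise_for_status()
        return r.json()

    def _post(self, path, payload):
        r = self.http.post(self.base + path, data=json.dumps(payload),
                           headers={"Content-Type": "application/json"}, timeout=10)
        r.raise_for_status()
        return r.json()

    def scan(self, url, options=None):
        """Create, configure, run and delete one task; return the list from /scan/<id>/data."""
        created = self._get("/task/new")
        if not created.get("success"):
            raise RuntimeError("task/new failed: %r" % created)
        task_id = created["taskid"]
        try:
            opts = dict(options or {}, url=url)
            if not self._post("/option/%s/set" % task_id, opts).get("success"):
                raise RuntimeError("option set failed for %s" % url)
            if not self._post("/scan/%s/start" % task_id, opts).get("success"):
                raise RuntimeError("scan start failed for %s" % url)
            for _ in range(self.max_polls):
                if self._get("/scan/%s/status" % task_id).get("status") == "terminated":
                    break
                time.sleep(self.poll_interval)
            else:
                raise TimeoutError("scan of %s still running after %d polls" % (url, self.max_polls))
            return self._get("/scan/%s/data" % task_id).get("data", [])
        finally:
            self._get("/task/%s/delete" % task_id)  # never leave finished tasks on the server


def injected_parameters(data_entries):
    """Reduce /scan/<id>/data to (place, parameter, [technique titles]) per injection point.
    Assumes sqlmap's CONTENT_TYPE.TECHNIQUES == 1 marks the entry carrying injection details."""
    found = []
    for entry in data_entries:
        if entry.get("type") != 1:
            continue
        for inj in entry.get("value", []):
            titles = [t.get("title", "") for t in inj.get("data", {}).values()]
            found.append((inj.get("place"), inj.get("parameter"), titles))
    return found


def _resp(payload):
    """Minimal object with the two methods the client uses on a requests.Response."""
    return type("R", (), {"raise_for_status": lambda self: None, "json": lambda self: payload})()


class FakeSqlmapApi:
    """Constructed stand-in for sqlmapapi: reports 'running' once, then 'terminated'."""
    TASK = "43299c324c1539a8"  # the task id shown in the post

    def __init__(self):
        self.polls, self.deleted = 0, []

    def get(self, url, timeout=None):
        path = url.split(":8775", 1)[1]
        if path == "/task/new":
            return _resp({"success": True, "taskid": self.TASK})
        if path.endswith("/status"):
            self.polls += 1
            return _resp({"success": True, "status": "running" if self.polls < 2 else "terminated"})
        if path.endswith("/data"):  # constructed result: one boolean-blind injection on GET id
            return _resp({"success": True, "error": [], "data": [
                {"status": 1, "type": 1, "value": [{"place": "GET", "parameter": "id", "data": {
                    "1": {"title": "AND boolean-based blind - WHERE or HAVING clause"}}}]}]})
        if path.endswith("/delete"):
            self.deleted.append(path)
            return _resp({"success": True})
        return _resp({"success": False, "message": "unknown path " + path})

    def post(self, url, data=None, headers=None, timeout=None):
        return _resp({"success": True})


if __name__ == "__main__":
    client = SqlmapApiClient(http=FakeSqlmapApi(), poll_interval=0)
    for hit in injected_parameters(client.scan("http://127.0.0.1/sqli-labs-master/Less-2/?id=1")):
        print("injectable: %s parameter %r via %s" % hit)
```

Against a real server, construct `SqlmapApiClient()` with no `http` argument and call `scan()` once per line of url.txt; `injected_parameters()` then gives a one-line summary per target instead of the raw JSON dump the post appends to scan_result.txt, which is what a triage sheet for SRC reporting actually needs. The `max_polls` cap and the request `timeout` matter in batch use: a target that hangs should fail one task, not stall the whole list.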

Writing sqlmap tamper scripts to bypass filtering
sqlmap's tamper directory: if a WAF gets in the way during injection testing, the scripts in this directory are used to get past it. Create a new file there named bypass_safedog.py.

Custom WAF-bypass scripts can be added here.
Articles on bypassing WAFs:
https://cloud.tencent.com/developer/article/2288229
https://www.secpulse.com/archives/196598.html