python使用sqlmap API检测SQL注入-LMLPHP

0x00前言:

大家都知道sqlmap是非常强大的sql注入工具,最近发现他有个sqlmap API,上网查了一下。发现这是

sqlmap的微端。(可以叫做sqlmap在线检测sql注入= =)

0x001准备:

环境:

Ubuntu 16.04

Python3

Python2

用到的库:requests,parform,os

0x002正文:


首先我们来启动sqlmapapi

sqlmapi -s

出现如下图就成功了:

python使用sqlmap API检测SQL注入-LMLPHP

sqlmapapi介绍:

http://127.0.0.1:8775/task/new 创建一个新的任务 GET请求

http://127.0.0.1:8775/scan/id + 要请求的值 并设置header头为(Content-Type:application/json) post请求 (这里的ID就是刚刚new的时候获取到的)

http://127.0.01:8775/scan/id/status 查看状态 GET请求

http://127.0.0.1:8775/scan/id/data 查看扫描结果 如果扫描结果返回空则代表无sql注入,如果返回不是空则有sql注入 GET请求

python使用sqlmap API检测SQL注入-LMLPHP

http://127.0.0.1:8775/task/delete 删除一个ID GET请求

http://127.0.0.1:8775/scan/kalii 杀死一个进程 GET请求

http://127.0.0.1:8775/scan/logo 查看扫描日志

http://127.0.0.1:8775/scan/stop 停止扫描

代码:

import requests
import json
import platform
import os
logo="#sqlmap api制作" \
"#九世制作"
print(logo)
print('[1]Manually open sqlmapapi')
print('[2]Automatically open sqlmapapi')
while True:
start=input("Please choose:")
if start == "":
print('[*]You choose to open sqlmapapi manually')
break
elif start == "":
print('[*]You choose to automatically open sqlmapapi')
os.system('sqlmapapi.py -s')
break
else:
print('[-]There is no choice')
continue while True:
user=input('Please enter the web site you want to scan:')
if user==None:
print('[-]You have nothing to enter')
continue
else:
break vsersion=platform.uname()
for p in vsersion:
print('[*]Your operating system type is:{}'.format(p)) print(' ') def sqlmap(host):
urlnew="http://127.0.0.1:8775/task/new"
urlscan="http://127.0.0.1:8775/scan/"
headers={"user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"}
pd=requests.get(url=urlnew,headers=headers)
print('[*]New task')
jsons=pd.json()
print("[*]id:",jsons['taskid'])
print("[*]success:",jsons["success"])
id=jsons['taskid']
scan=urlscan+id+"/start"
print("[*]scanurl:",scan)
data=json.dumps({"url":"{}".format(host)})
headerss={"Content-Type":"application/json"}
scans=requests.post(url=scan,headers=headerss,data=data)
swq=scans.json()
print('--------SCAN-----------')
print('[*]scanid:',swq["engineid"])
print('[*]scansuccess:',swq["success"])
print('--------STATUS---------')
status="http://127.0.0.1:8775/scan/{}/status".format(id)
print(status)
while True:
staw=requests.get(url=status,headers=headers)
if staw.json()['status'] == 'terminated':
datas=requests.get(url='http://127.0.0.1:8775/scan/{}/data'.format(id))
dat=datas.json()['data']
print('[*]data:',dat)
break
elif staw.json()['status'] == 'running':
continue sqlmap(user.strip())

扫描结果:

python使用sqlmap API检测SQL注入-LMLPHP

插入一曲BGM:

04-27 05:46