Python开发-sqlmapapi&Tamper&Pocsuite
sqlmapAPI调用实现自动化SQL注入安全检测
应用案例:前期通过信息收集拿到大量的URL地址,然后配合sqlmapAPI接口进行批量的sql注入检测(SRC挖掘)
- 创建新任务记录任务ID @get("/task/new")
- 设置任务ID扫描信息@get("/option//set")
- 开始扫描对应ID任务 @get("/scan//start")
- 读取扫描状态判断结果 @get("/scan//status")
- 如果结束删除ID@get("/task//delete")
- 扫描结果查看@get("/scan//data")
# Author:Serena
import requests,json
# 首先:进入sqlmap目录,启动sqlmapapi,命令:python sqlmapapi.py -s
# 出现以下内容说明启动成功
# F:\安全测试\00安全测试工具\sqlmap\sqlmap-package\sqlmapproject-sqlmap-1.2.2-18-g93859fd>python sqlmapapi.py -s
# [14:40:28] [INFO] Running REST-JSON API server at '127.0.0.1:8775'..
# [14:40:28] [INFO] Admin ID: b551026d61168d80124301f545c24096
# [14:40:28] [DEBUG] IPC database: 'c:\users\admini~1\appdata\local\temp\sqlmapipc-kdq7ha'
# [14:40:28] [DEBUG] REST-JSON API server connected to IPC database
# [14:40:28] [DEBUG] Using adapter 'wsgiref' to run bottle
#创建新任务,记录任务ID
task_new_url = 'http://127.0.0.1:8775/task/new'
resp = requests.get(task_new_url)
task_id = resp.json()['taskid']
# print(task_id)
#设置任务ID的配置信息(扫描信息)
data = {
"url":"http://127.0.0.1:8081/sqlilabs/Less-2/?id=1"
}
headers = {
"Content-Type":"application/json"
}
task_set_url = "http://127.0.0.1:8775/option/"+task_id+"/set"
task_set_resp = requests.post(task_set_url,data=json.dumps(data),headers=headers)
# print(task_set_resp.json())
#启动对应ID的扫描任务
task_start_url = "http://127.0.0.1:8775/scan/"+task_id+"/start"
task_start_resp = requests.post(task_start_url,data=json.dumps(data),headers=headers)
# print(task_start_resp.json())
#获取对应ID的扫描状态
task_status_url = "http://127.0.0.1:8775/scan/"+task_id+"/status"
task_status_resp = requests.get(task_status_url)
print(task_status_resp.json())- sqlmapapi plus
# Author:Serena
import time
import requests,json
# 首先:进入sqlmap目录,启动sqlmapapi,命令:python sqlmapapi.py -s
def sqlmapapi(url):
data = {
"url": url
}
headers = {
"Content-Type": "application/json"
}
# 创建新任务,记录任务ID
task_new_url = 'http://127.0.0.1:8775/task/new'
resp = requests.get(task_new_url)
task_id = resp.json()['taskid']
# print(task_id)
if 'success' in resp.content.decode('utf-8'):
print('sqlmapapi task create success!')
# 设置任务ID的配置信息(扫描信息)
task_set_url = "http://127.0.0.1:8775/option/" + task_id + "/set"
task_set_resp = requests.post(task_set_url, data=json.dumps(data), headers=headers)
# print(task_set_resp.json())
if 'success' in task_set_resp.content.decode('utf-8'):
print('sqlmapapi task set success!')
# 启动对应ID的扫描任务
task_start_url = "http://127.0.0.1:8775/scan/" + task_id + "/start"
task_start_resp = requests.post(task_start_url, data=json.dumps(data), headers=headers)
# print(task_start_resp.json())
if 'success' in task_start_resp.content.decode('utf-8'):
print('sqlmapapi task start success!')
while 1:
# 获取对应ID的扫描状态
task_status_url = "http://127.0.0.1:8775/scan/" + task_id + "/status"
task_status_resp = requests.get(task_status_url)
# print(task_status_resp.json())
if 'running' in task_status_resp.content.decode('utf-8'):
print('suqmapapi task scan running!-->' + url)
pass
else:
# print('sqlmapapi task scan end!')
#扫描结果查看
task_data_url = "http://127.0.0.1:8775/scan/" + task_id + "/data"
task_data_resp = requests.get(task_data_url).content.decode('utf-8')
print(task_data_resp)
with open(r'scan_result.txt','a+') as f:
f.write(url + '\n')
f.write(task_data_resp + '\n')
f.write('==========python sqlmapapi by Serena==========' + '\n')
#如果结束删除ID
task_delete_url = "http://127.0.0.1:8775/task/" + task_id + "/delete"
task_delete_resp = requests.get(task_delete_url)
if 'success' in task_delete_resp.content.decode('utf-8'):
print('delete taskid success!')
break
time.sleep(3)
if __name__ == '__main__':
for url in open('url.txt'):
url = url.replace('\n','')
# print(url)
sqlmapapi(url)Pocsuite3漏扫框架二次开发POC/EXP引入使用
开发当前项目过程:(利用已知框架增加引入最新或内部的EXP进行安全检测)
- 熟悉Pocsuite3项目使用及介绍
- 熟悉使用命令及代码文件对应情况
- 选取Glassfish漏洞进行编写测试
- 参考自带漏洞模板代码模仿写法测试
python cli.py -u x.x.x.x -r Glassfish.py --verify资源
Alipay
Wechat
最后一次更新于2022-06-13 13:41
0 条评论