How to use sqlmapapi to initiate scanning

11-03-2023

sqlmap is the go-to tool for SQL injection detection, but testing with it directly is inefficient, because each URL has to be tested manually. The sqlmap developers have added sqlmapapi.py, which lets you drive sqlmap through interface calls and simplifies how sqlmap commands are executed.

The sqlmap API is divided into a server and a client, and has two modes: one based on the HTTP protocol and one based on the command line.

Sqlmap source code download address: https://github.com/sqlmapproject/sqlmap/

First, check the help

python sqlmapapi.py -h

Second, open the API server

Before using the API service, you need to start the API server, whether you use the HTTP-based mode or the command-line mode. To start it, run the following command:

python sqlmapapi.py -s

When the command succeeds, some information is printed on the command line. It shows that the API server is running on local port 8775, that the admin token is c6bbb0c1f86b7d7bc2ed6ce3e3ebdcb5, and so on.

However, starting the API server this way has a drawback: when the server and the client are not on the same host, the client cannot connect. To solve this, start the API server so that it listens on all interfaces:

python sqlmapapi.py -s -H "0.0.0.0" -p 8775

After the command is successful, the remote client can connect to the API server by specifying the remote host IP and port.

Third, the interface mode based on the command line

3.1. Open the client and launch the injection command

python sqlmapapi.py -c

If the client and server are not the same computer, enter the following command:

python sqlmapapi.py -c -H "192.168.1.101" -p 8775

3.2. help command

Get help for all commands:

help            display help information
new ARGS        start a new scanning task
use TASKID      switch taskid
data            get the data returned by the current task
log             get the scanning log of the current task
status          get the scanning status of the current task
option OPTION   get an option of the current task
options         get all the configuration information of the current task
stop            stop the current task
kill            kill the current task
list            show all task lists
flush           clear all tasks
exit            exit the client

3.3. Detecting injection

3.3.1. new command

new -u "url"

Example: new -u "http://www.baidu.com"

Although we only specified the -u parameter, the returned information shows that the new command first requests /task/new to create a new taskid and then sends a request to start the task. The command-line mode is therefore also built on the HTTP protocol.

3.3.2. status command

Get the scanning status of the task. If the status field in the returned content is terminated, the scan is complete; if the status field is running, the scan is still in progress. The following figure is a screenshot of the scanning:

3.3.3. data command

If the data field in the returned data is not empty, the injection was successful. This example shows a response for a target with SQL injection; it contains information such as the database type, the payload and the injected parameters.
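The sequence the command-line client performs (create a task, start it, poll status, read data), written as direct HTTP calls. This is an added example, not code from the sqlmap project; the /scan/... and /task/.../delete paths are not shown on this page and are used here as the routes of lib/utils/api.py, and the API address and the lab target URL are assumptions.

```python
import json
import time
import urllib.request

API = "http://127.0.0.1:8775"  # assumption: API server started locally with -s


def http_call(path, body=None):
    """Send a GET (no body) or a JSON POST to the sqlmap API and decode the reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def scan(url, call=http_call, poll_seconds=2, max_polls=300):
    """Run one scan task and return (vulnerable, findings)."""
    taskid = call("/task/new")["taskid"]
    try:
        started = call(f"/scan/{taskid}/start", {"url": url})
        if not started.get("success"):
            raise RuntimeError(f"start failed: {started.get('message')}")
        # Poll until the engine reports "terminated" (section 3.3.2).
        for _ in range(max_polls):
            if call(f"/scan/{taskid}/status")["status"] == "terminated":
                break
            time.sleep(poll_seconds)
        else:
            raise TimeoutError(f"task {taskid} still running")
        # A non-empty data field means an injection was found (section 3.3.3).
        findings = call(f"/scan/{taskid}/data").get("data", [])
        return bool(findings), findings
    finally:
        call(f"/task/{taskid}/delete")  # always remove the task from the server


if __name__ == "__main__":
    # Constructed target: an application in your own test lab.
    print(scan("http://127.0.0.1:8080/item?id=1"))
```

The `call` parameter is a hypothetical hook that lets the same logic run against a stub instead of a live API server.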

Fourth, the interface mode based on the HTTP protocol

This section briefly introduces the main functions of sqlmapapi.py's HTTP interface mode. In the server code in lib/utils/api.py, you can see that you interact with the service by submitting data to the server. The functions are divided into three types:

Users' methods (user methods)

Admin function (management functions)

Sqlmap core interact functions (core interaction functions)

The types of data that can be submitted are as follows:

4.1. User method

@get("/task/new")

@get("/task/new")
def task_new():
    """
    Create a new task
    """
    taskid = encodeHex(os.urandom(8), binary=False)
    remote_addr = request.remote_addr
    DataStore.tasks

VI. Implementation Process of sql Injection Automation
