Skip to content

Latest commit

 

History

History
263 lines (147 loc) · 5.82 KB

README.rst

File metadata and controls

263 lines (147 loc) · 5.82 KB
Raw

Simplify Your Operations For SqlmapAPI

Intro

This is a library used to simplify operations for sqlmapapi, you needn't manually request remote sqlmapapi server to create task, run task or others by HTTP, just a few steps as follow:

def test():
    admin_id = '10af2eefc9606577bccb75ced1fa74db'
    c = client.Client(admin_id)
    task = c.create_task()
    r = task.run(url='http://testphp.vulnweb.com/artists.php?artist=1')
    print(r)
    c.delete_task(task.id)

Installation

pip install sqlmapcli

or

git clone https://www.github.com/jetz/sqlmapapi
cd sqlmapcli && python setup.py install

API

Client

class sqlmapcli.Client(admin_id, host='127.0.0.1', port=8775)

Call remote api to create/delete/list/flush task.

admin_id is used to list & flush tasks, it can be obtained after starting a sqlmapapi server by sqlmapapi -s. If use sqlmap-proxy, admin id is what you config.

Methods

Client.create_task(options=None)

Returns task object. This method will create a task object on client side, and request to create a task on remote server side.

options can be achieved by curl http://<host>:<port>/option/<taskid>/list, alternatively, can set options in task object later.

Client.delete_task(self, taskid)

Returns True if successful, False otherwise

Delete a remote task with it's taskid.

Client.list_tasks(self)

Returns remote tasks info as dict.

List tasks's info of remote server side. It only requests remote sqlmapapi server and gets response, the tasks info are remote info, not local task objects created by Client.create_task method.

Client.flush_tasks(self)

Returns True if flush successfully, False otherwise

Flush remote sqlmapapi server's tasks.

Task

class sqlmapcli.Task(id, options, addr)

Returns a task object. Generally, Client.create_task do it for you.

Task id comes from remote sqlmapapi server.

All optional options can list by curl http://<host>:<port>/option/<taskid>/list.

addr is remote sqlmapapi server address.

Attributes

Task.ready

It's True If task is created but not start, False otherwise.

Task.running

It's True if task start but not finished, False otherwise.

Task.finished

It's True if task is finished, False otherwise.

Methods

Task.set_option(key, value)

Returns task object for chained call.

Set option for task. Options can be set when client create task, or call set_option after task is created but not start. This method can be chain-called, like:

Example:

task.set_option('url', 'http://testphp.vulnweb.com/artists.php?artist=1').set_option('dbms', 'mysql')

Task.get_option(key)

Returns option value.

If key is not set, raise error

Task.update_options(options)

Update bulk options at same time. options is a dict contains some valid values as set_option.

Task.list_options()

Returns all options that you have set.

NOTICE: not option list in remote server.

Task.start(url=None, options=None)

Returns engineid, maybe useful in future.

url is the target to scan by sqlmap, it's a shorthand for setting option with key url.

You can pass options here directly or set_option or update_options in task or pass options when create task, choose one way as you like.

Example:

def test(admin_id):
    c = client.Client(admin_id)
    try:
        task = c.create_task()
    except:
        return
    task.set_option('url', 'http://testphp.vulnweb.com/artists.php?artist=1')
    task.start()
    while task.running:
        time.sleep(2)
    r = task.get_result()
    pprint(r)
    c.delete_task(task.id)

Task.stop()

Returns True if stop successfully, False otherwise.

Stop running task.

Task.kill()

Returns True if Kill successfully, False otherwise.

Kill running task unconditionally.

Task.status()

Returns a dict contains status and retcode. It may raise TaskStatusError.

Task's current status, not running, running, terminated.

Task.get_result()

Returns task data as dict. It may raise TaskResultError.

Task.get_log(start=None, end=None)

Returns task log data as dict. It may raise TaskLogError.

If start & end is None, return all logs, otherwise return logs between start and end index.

Task.run(url=None, options=None, interval=5)

Returns task result dict if successfully, None otherwise.

This method is shorthand for call start, status and get_result.

url and options is same as start method.

interval poll to check task status.

Example:

def test(admin_id):
    c = client.Client(admin_id)
    try:
        task = c.create_task(options={'url':'http://testphp.vulnweb.com/artists.php?artist=1'})
        task.run()
    except:
        return
    print(r)
    r = c.list_tasks()
    print(r)
    c.delete_task(task.id)
    c.flush_tasks()

TODO

  • more examples
  • download interface