文章目录
应用案例:前期通过信息收集拿到大量的URL地址,这个时候可以配置sqlmapAP接口进行批量的SQL注入检测 (SRC挖掘)
查看sqlmapapi使用方法
python
python sqlmapapi.py -h
启动sqlmapapi 的web服务:
任务流程:
1.创建新任务记录任务ID @get("/task/new"))
2.设置任务ID扫描信息 @post("/option/<taskid>/set")
3.开始扫描对应ID任务 @post ("/scan/<taskid>/start")
4.读取扫描状态判断结果 @get("/scan/<taskid>/status")
5.如果结束删除ID并获取结果 @get ("/task/<taskid>/delete")
6.扫描结果查看 @get("/scan/<taskid>/data")
简单使用
- 1.创建新任务记录任务ID
python
import requests
# 1.创建新任务记录任务ID
task_new_url='http://127.0.0.1:8775/task/new'
response=requests.get(url=task_new_url)
print(response.json())
- 2.设置任务ID扫描信息
python
import requests
import json
# 1.创建新任务记录任务ID
task_new_url = 'http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']
# 2.设置任务ID扫描信息
data={
'url':'http://192.168.8.3/sqli-labs-master/Less-2/?id=1'
}
headers={
'Content-Type':'application/json'
}
task_set_url='http://127.0.0.1:8775/option/'+taskid+'/set'
task_set_response=requests.post(url=task_set_url,data=json.dumps(data),headers=headers)
print(task_set_response.content.decode('utf-8'))
- 3.开始扫描对应ID任务
python
import requests
import json
# 1.创建新任务记录任务ID
task_new_url = 'http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']
# 2.设置任务ID扫描信息
data = {
'url': 'http://192.168.8.3/sqli-labs-master/Less-2/?id=1'
}
headers = {
'Content-Type': 'application/json'
}
task_set_url = 'http://127.0.0.1:8775/option/' + taskid + '/set'
task_set_response = requests.post(url=task_set_url, data=json.dumps(data), headers=headers)
# print(task_set_response.content.decode('utf-8'))
##### 3.开始扫描对应ID任务
task_start_url='http://127.0.0.1:8775/scan/'+taskid+'/start'
task_start_data=requests.post(task_start_url,data=json.dumps(data),headers=headers)
print(task_start_data.content.decode('utf-8'))
这边任务id和上面不一样是因为我重启了服务
- 获取扫描状态
python
import requests
import json
# 1.创建新任务记录任务ID
task_new_url = 'http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']
# 2.设置任务ID扫描信息
data = {
'url': 'http://192.168.8.3/sqli-labs-master/Less-2/?id=1'
}
headers = {
'Content-Type': 'application/json'
}
task_set_url = 'http://127.0.0.1:8775/option/' + taskid + '/set'
task_set_response = requests.post(url=task_set_url, data=json.dumps(data), headers=headers)
# print(task_set_response.content.decode('utf-8'))
# 3.开始扫描对应ID任务
task_start_url = 'http://127.0.0.1:8775/scan/' + taskid + '/start'
task_start_data = requests.post(task_start_url, data=json.dumps(data), headers=headers)
# print(task_start_data.content.decode('utf-8'))
# 4.读取扫描状态判断结果
task_scan_url = 'http://127.0.0.1:8775/scan/' + taskid + '/status'
task_scan_data = requests.get(task_scan_url)
print(task_scan_data.content.decode('utf-8'))
- 查看结果
查看扫描结果是get请求,所以可以在浏览器中查看结果
上述代码,在每运行一次都会创建一个任务ID,所以需要进行代码优化
优化
python
import time
import requests, json
# 创建任务
def sqlmapapi(url):
# 创建任务id
task_new_url = 'http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']
if 'success' in response.content.decode('utf-8'):
print('sqlmapapi task create success !')
data = {
'url': url
}
headers = {
'Content-Type': 'application/json'
}
# 设置 任务
task_set_url = 'http://127.0.0.1:8775/option/' + taskid + '/set'
task_set_response = requests.post(url=task_set_url, data=json.dumps(data), headers=headers)
if 'success' in task_set_response.content.decode('utf-8'):
print('sqlmapapi task set success !')
# 扫描任务
task_start_url = 'http://127.0.0.1:8775/scan/' + taskid + '/start'
task_start_data = requests.post(task_start_url, data=json.dumps(data), headers=headers)
if 'success' in task_start_data.content.decode('utf-8'):
print('sqlmapapi task start success !')
# 获取扫描状态
while True:
task_status_url = 'http://127.0.0.1:8775/scan/' + taskid + '/status'
task_status_data = requests.get(task_status_url)
if 'running' in task_status_data.content.decode('utf-8'):
print('sqlmapapi task scan running .....')
else:
# 查看扫描结果
task_data_url = 'http://127.0.0.1:8775/scan/' + taskid + '/data'
task_data = requests.get(task_data_url)
print(task_data.content.decode('utf-8'))
break
time.sleep(3)
if __name__ == '__main__':
# url='http://192.168.8.3/sqli-labs-master/Less-2/?id=1'
for url in open('url.txt'):
url = url.replace('\n', '')
sqlmapapi(url)