doom/sqli_check.py at master · lietdai/doom

History

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

#!/usr/bin/env python

# encoding: utf-8

# mail: root@1137.me

import json

import sys

import base64

import os

from time import sleep

from libnmap.process import NmapProcess

from libnmap.reportjson import ReportDecoder, ReportEncoder

from libnmap.parser import NmapParser, NmapParserException

from libnmap.plugins.backendpluginFactory import BackendPluginFactory

from util.req import Req

global_sqlmap = "/usr/bin/sqlmap"

global_options = " --batch --smart "

global_notify = "--alert='python "+sys.path[0]+"/"+sys.argv[0]+" notify "

global_flag = "sqli_vul"

global_dbcoon = 'mysql+mysqldb://root:123456@127.0.0.1:3306/wscan'

def sqliCheck(request, platform = None):

reqObj = Req(request)

#method filiter

if reqObj.method != "GET" and reqObj.method != "POST":

return None

#后缀删除

ext = getExtByUri(reqObj.uri)

if ext in ["gif","js","jpg","css","png","ico"]:

return None

#无参数 filter

if reqObj.method != "POST" and len(reqObj.url.split('=')) == 1:

return None

my_services_backend = BackendPluginFactory.create(plugin_name='backend_permission', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)

reqFile = req2file(reqObj.hash,request)

notify = global_notify + reqFile + "\'"

cmd = global_sqlmap+ " -r "+reqFile + global_options + notify

print cmd

outPut = os.popen(cmd)

return outPut.read()

def getExtByUri(uri):

ext = uri.split('?')[0].split('.')

if len(ext) > 1 :

return ext[-1]

return None

def req2file(code, request):

fileName = "/tmp/"+code+".tmp"

fh = file(fileName, "wb")

fh.write(request)

fh.close()

return fileName

if __name__ == "__main__":

if len(sys.argv) == 2:

argv1 = base64.b64decode(sys.argv[1])

print sqliCheck(argv1)

elif len(sys.argv) == 3:

fh = open(sys.argv[2],'rb')

try:

data = fh.read( )

finally:

fh.close( )

my_services_backend = BackendPluginFactory.create(plugin_name='backend_permission', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)

reqObj = Req(data)

target = reqObj.host

vul_type = global_flag

vul_detail ="SQLi Vul:\n"+data

my_services_backend.add(target,vul_type,vul_detail)

#print "VUL" if permissionCheck(reqStr) else "SAFE"

sys.exit(0)

else:

print ("usage: %s base64(request)" % sys.argv[0])

sys.exit(-1)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sqli_check.py

sqli_check.py

Files

sqli_check.py

Latest commit

History

sqli_check.py

File metadata and controls