sqlmap/extra/msfauxmod/sqlmap.rb

106 lines
3.0 KiB
Ruby
Raw Normal View History

2010-06-10 01:43:22 +04:00
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
2008-10-15 19:38:22 +04:00
2010-06-10 01:43:22 +04:00
require 'msf/core'
2008-10-15 19:38:22 +04:00
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WMAPScanUniqueQuery
include Msf::Auxiliary::Scanner
def initialize(info = {})
2010-06-10 01:43:22 +04:00
super(update_info(info,
2008-10-15 19:38:22 +04:00
'Name' => 'SQLMAP SQL Injection External Module',
'Description' => %q{
2010-06-10 01:43:22 +04:00
This module launch a sqlmap session.
2008-10-15 19:38:22 +04:00
sqlmap is an automatic SQL injection tool developed in Python.
Its goal is to detect and take advantage of SQL injection
vulnerabilities on web applications. Once it detects one
or more SQL injections on the target host, the user can
choose among a variety of options to perform an extensive
back-end database management system fingerprint, retrieve
DBMS session user and database, enumerate users, password
hashes, privileges, databases, dump entire or user
specific DBMS tables/columns, run his own SQL SELECT
statement, read specific files on the file system and much
more.
},
2010-06-10 01:43:22 +04:00
'Author' => [ 'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' ],
2008-10-15 19:38:22 +04:00
'License' => BSD_LICENSE,
2010-06-10 01:43:22 +04:00
'Version' => '$Revision: 9212 $',
2008-10-15 19:38:22 +04:00
'References' =>
[
['URL', 'http://sqlmap.sourceforge.net'],
]
))
2010-06-10 01:43:22 +04:00
2008-10-15 19:38:22 +04:00
register_options(
[
OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]),
OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]),
OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
2010-06-10 01:43:22 +04:00
OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
2008-10-15 19:38:22 +04:00
OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]),
2010-06-10 01:43:22 +04:00
OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", true ])
2008-10-15 19:38:22 +04:00
], self.class)
end
2010-06-10 01:43:22 +04:00
# Modify to true if you have sqlmap installed.
def wmap_enabled
false
end
2008-10-15 19:38:22 +04:00
# Test a single host
def run_host(ip)
2010-06-10 01:43:22 +04:00
sqlmap = datastore['SQLMAP_PATH']
2008-10-15 19:38:22 +04:00
if not sqlmap
print_error("The sqlmap script could not be found")
return
end
2010-06-10 01:43:22 +04:00
data = datastore['DATA']
2008-10-15 19:38:22 +04:00
method = datastore['METHOD'].upcase
sqlmap_url = (datastore['SSL'] ? "https" : "http")
2010-06-10 01:43:22 +04:00
sqlmap_url += "://" + wmap_target_host + ":" + wmap_target_port
sqlmap_url += "/" + datastore['PATH']
2008-10-15 19:38:22 +04:00
if method == "GET"
sqlmap_url += '?' + datastore['QUERY']
end
cmd = sqlmap + ' -u \'' + sqlmap_url + '\''
cmd += ' --method ' + method
cmd += ' ' + datastore['OPTS']
if not data.empty?
cmd += ' --data \'' + data + '\''
end
if datastore['BATCH'] == true
cmd += ' --batch'
end
print_status("exec: #{cmd}")
IO.popen( cmd ) do |io|
io.each_line do |line|
print_line("SQLMAP: " + line.strip)
end
end
end
end
2010-06-10 01:43:22 +04:00