sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sqlmapproject/sqlmap

Browse Source
This commit is contained in:
Miroslav Stampar 2012-12-20 20:51:41 +01:00
commit 1073ebc697
4 changed files with 71 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/option.py
View File

@ -1784,7 +1784,7 @@ def _mergeOptions(inputOptions, overrideOptions):
kb.explicitSettings.add(key) kb.explicitSettings.add(key)
for key, value in defaults.items(): for key, value in defaults.items():
if conf[key] is None: if hasattr(conf, key) and conf[key] is None:
conf[key] = value conf[key] = value
def _setTrafficOutputFP(): def _setTrafficOutputFP():

11
lib/core/optiondict.py
View File

@ -183,6 +183,7 @@ optDict = {
"hexConvert": "boolean", "hexConvert": "boolean",
"oDir": "string", "oDir": "string",
"parseErrors": "boolean", "parseErrors": "boolean",
"saveCmdline": "boolean",
"updateAll": "boolean", "updateAll": "boolean",
"tor": "boolean", "tor": "boolean",
"torPort": "integer", "torPort": "integer",
@ -202,9 +203,19 @@ optDict = {
"hpp": "boolean", "hpp": "boolean",
"mobile": "boolean", "mobile": "boolean",
"pageRank": "boolean", "pageRank": "boolean",
"purgeOutput": "boolean",
"smart": "boolean", "smart": "boolean",
"testFilter": "string", "testFilter": "string",
"wizard": "boolean", "wizard": "boolean",
"verbose": "integer" "verbose": "integer"
}, },
"Hidden": {
"profile": "boolean",
"cpuThrottle": "integer",
"forceDns": "boolean",
"smokeTest": "boolean",
"liveTest": "boolean",
"stopFail": "boolean",
"runCase": "string"
}
} }

88
lib/utils/api.py
View File

@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
import json import json
import logging import logging
import optparse
import os import os
import shutil import shutil
import sys import sys
@ -16,6 +15,17 @@ import tempfile
import threading import threading
import types import types
_multiprocessing = None
try:
import multiprocessing
# problems on FreeBSD (Reference: http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx)
_ = multiprocessing.Queue()
except (ImportError, OSError):
pass
else:
_multiprocessing = multiprocessing
from extra.bottle.bottle import abort from extra.bottle.bottle import abort
from extra.bottle.bottle import error from extra.bottle.bottle import error
from extra.bottle.bottle import get from extra.bottle.bottle import get
@ -27,20 +37,21 @@ from extra.bottle.bottle import run
from extra.bottle.bottle import static_file from extra.bottle.bottle import static_file
from extra.bottle.bottle import template from extra.bottle.bottle import template
from lib.controller.controller import start from lib.controller.controller import start
from lib.core.common import unArrayizeValue
from lib.core.convert import hexencode from lib.core.convert import hexencode
from lib.core.convert import stdoutencode from lib.core.convert import stdoutencode
from lib.core.data import paths from lib.core.data import paths
from lib.core.datatype import AttribDict from lib.core.datatype import AttribDict
from lib.core.data import cmdLineOptions
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.defaults import _defaults
from lib.core.log import FORMATTER from lib.core.log import FORMATTER
from lib.core.log import LOGGER_HANDLER from lib.core.log import LOGGER_HANDLER
from lib.core.log import LOGGER_OUTPUT from lib.core.log import LOGGER_OUTPUT
from lib.core.exception import SqlmapMissingDependence from lib.core.exception import SqlmapMissingDependence
from lib.core.optiondict import optDict
from lib.core.option import init from lib.core.option import init
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.parse.cmdline import cmdLineParser
RESTAPI_SERVER_HOST = "127.0.0.1" RESTAPI_SERVER_HOST = "127.0.0.1"
RESTAPI_SERVER_PORT = 8775 RESTAPI_SERVER_PORT = 8775
@ -60,6 +71,37 @@ def is_admin(taskid):
else: else:
return True return True
def init_options():
dataype = {"boolean": False, "string": None, "integer": None, "float": None}
options = AttribDict()
for _ in optDict:
for name, type_ in optDict[_].items():
type_ = unArrayizeValue(type_)
options[name] = _defaults.get(name, dataype[type_])
# Enforce batch mode and disable coloring
options.batch = True
options.disableColoring = True
return options
def start_scan():
# Wrap logger stdout onto a custom file descriptor (LOGGER_OUTPUT)
def emit(self, record):
message = stdoutencode(FORMATTER.format(record))
print >>LOGGER_OUTPUT, message.strip('\r')
LOGGER_HANDLER.emit = types.MethodType(emit, LOGGER_HANDLER, type(LOGGER_HANDLER))
# Wrap standard output onto a custom file descriptor
sys.stdout = open(str(os.getpid()) + ".out", "wb")
#sys.stderr = StringIO.StringIO()
taskid = multiprocessing.current_process().name
init(tasks[taskid], True)
start()
@hook("after_request") @hook("after_request")
def security_headers(): def security_headers():
""" """
@ -106,10 +148,8 @@ def task_new():
""" """
global tasks global tasks
optset()
taskid = hexencode(os.urandom(16)) taskid = hexencode(os.urandom(16))
tasks[taskid] = AttribDict(cmdLineOptions) tasks[taskid] = init_options()
return jsonize({"taskid": taskid}) return jsonize({"taskid": taskid})
@ -247,17 +287,18 @@ def scan_start(taskid):
for key, value in request.json.items(): for key, value in request.json.items():
tasks[taskid][key] = value tasks[taskid][key] = value
print "TASKS:", tasks
# Overwrite output directory (oDir) value to a temporary directory # Overwrite output directory (oDir) value to a temporary directory
tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-") tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-")
init(tasks[taskid], True)
# Launch sqlmap engine in a separate thread # Launch sqlmap engine in a separate thread
thread = threading.Thread(target=start) logger.debug("starting a scan for task ID %s" % taskid)
thread.daemon = True
thread.start() if _multiprocessing:
#_multiprocessing.log_to_stderr(logging.DEBUG)
p = _multiprocessing.Process(name=taskid, target=start_scan)
p.daemon = True
p.start()
p.join()
return jsonize({"success": True}) return jsonize({"success": True})
@ -328,10 +369,6 @@ def download(taskid, target, filename):
else: else:
abort(500) abort(500)
def optset():
# Store original command line options for possible later restoration
cmdLineOptions.update(cmdLineParser().__dict__)
def server(host="0.0.0.0", port=RESTAPI_SERVER_PORT): def server(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
""" """
REST-JSON API server REST-JSON API server
@ -339,27 +376,12 @@ def server(host="0.0.0.0", port=RESTAPI_SERVER_PORT):
global adminid global adminid
global tasks global tasks
# Enforce batch mode and disable coloring
cmdLineOptions.batch = True
cmdLineOptions.disableColoring = True
adminid = hexencode(os.urandom(16)) adminid = hexencode(os.urandom(16))
tasks[adminid] = AttribDict(cmdLineOptions) tasks[adminid] = init_options()
logger.info("running REST-JSON API server at '%s:%d'.." % (host, port)) logger.info("running REST-JSON API server at '%s:%d'.." % (host, port))
logger.info("the admin task ID is: %s" % adminid) logger.info("the admin task ID is: %s" % adminid)
# Wrap logger stdout onto a custom file descriptor (LOGGER_OUTPUT)
def emit(self, record):
message = stdoutencode(FORMATTER.format(record))
print >>LOGGER_OUTPUT, message.strip('\r')
LOGGER_HANDLER.emit = types.MethodType(emit, LOGGER_HANDLER, type(LOGGER_HANDLER))
# Wrap standard output onto a custom file descriptor
sys.stdout = StringIO.StringIO()
#sys.stderr = StringIO.StringIO()
# Run RESTful API # Run RESTful API
run(host=host, port=port, quiet=False, debug=False) run(host=host, port=port, quiet=False, debug=False)

5
sqlmapapi.py
View File

@ -25,16 +25,19 @@ if __name__ == "__main__":
# Set default logging level to debug # Set default logging level to debug
logger.setLevel(logging.DEBUG) logger.setLevel(logging.DEBUG)
# Initialize path variable
paths.SQLMAP_ROOT_PATH = modulePath() paths.SQLMAP_ROOT_PATH = modulePath()
setPaths() setPaths()
# Parse command line options
apiparser = optparse.OptionParser() apiparser = optparse.OptionParser()
apiparser.add_option("--server", help="Act as a REST-JSON API server", default=RESTAPI_SERVER_PORT, action="store_true") apiparser.add_option("-s", "--server", help="Act as a REST-JSON API server", default=RESTAPI_SERVER_PORT, action="store_true")
apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_SERVER_PORT, action="store_true") apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_SERVER_PORT, action="store_true")
apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server", default=RESTAPI_SERVER_HOST, action="store") apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server", default=RESTAPI_SERVER_HOST, action="store")
apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server", default=RESTAPI_SERVER_PORT, type="int", action="store") apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server", default=RESTAPI_SERVER_PORT, type="int", action="store")
(args, _) = apiparser.parse_args() (args, _) = apiparser.parse_args()
# Start the client or the server
if args.server is True: if args.server is True:
server(args.host, args.port) server(args.host, args.port)
elif args.client is True: elif args.client is True: