solve problem of saving result of --sql-query in CSV file

Aridhi-Dhia-eddine 2024-04-08 22:21:22 +01:00
parent 853cb3fa06
commit 4851c69b2a
2 changed files with 187 additions and 45 deletions


@ -1,45 +1,45 @@
icmpsh - simple reverse ICMP shell icmpsh - simple reverse ICMP shell
icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl. icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
--- Running the Master --- --- Running the Master ---
The master is straight forward to use. There are no extra libraries required for the C version. The master is straight forward to use. There are no extra libraries required for the C version.
The Perl master however has the following dependencies: The Perl master however has the following dependencies:
* IO::Socket * IO::Socket
* NetPacket::IP * NetPacket::IP
* NetPacket::ICMP * NetPacket::ICMP
When running the master, don't forget to disable ICMP replies by the OS. For example: When running the master, don't forget to disable ICMP replies by the OS. For example:
sysctl -w net.ipv4.icmp_echo_ignore_all=1 sysctl -w net.ipv4.icmp_echo_ignore_all=1
If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
commands send from the master. commands send from the master.
--- Running the Slave --- --- Running the Slave ---
The slave comes with a few command line options as outlined below: The slave comes with a few command line options as outlined below:
-t host host ip address to send ping requests to. This option is mandatory! -t host host ip address to send ping requests to. This option is mandatory!
-r send a single test icmp request containing the string "Test1234" and then quit. -r send a single test icmp request containing the string "Test1234" and then quit.
This is for testing the connection. This is for testing the connection.
-d milliseconds delay between requests in milliseconds -d milliseconds delay between requests in milliseconds
-o milliseconds timeout of responses in milliseconds. If a response has not received in time, -o milliseconds timeout of responses in milliseconds. If a response has not received in time,
the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit. the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
The counter is set back to 0 if a response was received. The counter is set back to 0 if a response was received.
-b num limit of blanks (unanswered icmp requests before quitting -b num limit of blanks (unanswered icmp requests before quitting
-s bytes maximal data buffer size in bytes -s bytes maximal data buffer size in bytes
In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer. In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.

142
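--- a/ok.py
+++ b/ok.py
@@ -0,0 +1,142 @@
+import subprocess
+from datetime import datetime
+import sys
+import os
+import csv
+import re
+from urllib.parse import urlparse
+#****************************************************************************************
+# this function verify if the argument given is an URL
+def est_url(url):
+try:
+result=urlparse(url)
+return all([result.scheme, result.netloc])
+except Exception as e:
+return False
+# this function verify if the argument given is a request
+def est_requete(req):
+exp_reg= expression_reguliere = re.compile(
+r'\b(SELECT|UPDATE|DELETE|INSERT INTO|CREATE|ALTER|DROP|GRANT|REVOKE)\b',
+re.IGNORECASE)
+return re.search(exp_reg,req) is not None
+#*****************************************************************************************
+# read the arguements
+arg=sys.argv
+#*****************************************************************************************
+#verify if the arguments given are correct or not
+if (('-u' in arg)and('--sql-query' in arg)):
+if (est_url(arg[2])):
+if (est_requete(arg[-1])):
+commande_sqlmap = ['python','sqlmap.py']+arg[1:]
+else:
+print("verify your request")
+exit()
+else:
+print("verify your URL")
+exit()
+else:
+print("Verify that you input correctly -u or --sql-query")
+exit()
+#*****************************************************************************************
+#*****************************************************************************************
+#extract the name of columns from the request
+deb="SELECT"
+fin="FROM"
+#find the start point of the ""deb"" variable in the request
+temp1=(arg[-1].upper()).find(deb)
+#find the start point of the ""fin"" variable in the request
+temp2=(arg[-1].upper()).find(fin)
+#select the request from the arguments given bu the user in command line
+temp_res=arg[-1]
+#start selection of the columns names after the ""deb"" variable
+T=len(deb)-temp1+1
+temp_res=temp_res[T:temp2]
+#split the String that contains columns name
+temp_res=(temp_res.strip()).split(',')
+#******************************************************************************************
+#******************************************************************************************
+#process the request
+res=subprocess.check_output(commande_sqlmap)
+#res=subprocess.run(commande_sqlmap,capture_output=True, text=True)
+#view the result of processing the resquest
+res = res.decode('utf-8')
+print(res)
+# Select actuel time
+heure_actuelle = datetime.now()
+heure_formattee = heure_actuelle.strftime("%H:%M:%S")
+# ""m_deb"" variable is a string that represents the start point of showing the result of the request
+m_deb="["+str(heure_formattee)+"]"+" [INFO] fetching SQL SELECT statement query output:"
+# ""m_fin"" variable is a string that represents the end point point of showing the result of the request
+m_fin="["+str(heure_formattee)+"]"+" [INFO] fetched data logged to text files under"
+#""debut_message"" contains the position of the ""m_deb"" variable in the result
+debut_message = res.find(m_deb)
+#""fin_message"" contains the position of the ""m_fin"" variable in the result
+fin_message = res.find(m_fin)
+#select a part of the result that is between ""m_deb"" variable and ""m_fin"" variable
+message = res[debut_message:fin_message].strip()
+lignes = message.splitlines()
+# ""donnees_sauvegarder"" variable is a list of dictionaries
+donnees_sauvegarder = []
+# loop on the ""lignes"" variable
+for ligne in lignes:
+# verify if this line contain [*]
+if ligne.startswith("[*]"):
+# extract data after '[*]'
+v_temp=(ligne[4:].strip()).split(',')
+d_temp={}
+for i in range(len(temp_res)):
+# add for every column from ""temp_res"" variable a value from ""v_temp"" variable
+d_temp.update({temp_res[i]:v_temp[i]})
+# add the dictionarie in the list
+donnees_sauvegarder.append(d_temp)
+#*****************************************************************************************************
+# create a file named ""data_save.csv"" in same repositories with this script file
+file_csv="data_save.csv"
+if(len(donnees_sauvegarder)!=0):# if the process of the request send data
+with open(file_csv,mode='w',newline='') as file_csv:
+# write the header of this CSV file
+writer=csv.DictWriter(file_csv,fieldnames=temp_res)
+writer.writeheader()
+# loop on the list of dictionaries named ""donnees_sauvegarder"" to wite its content on the CSV file
+for part in donnees_sauvegarder:
+writer.writerow(part)
+# if the data is successfully saved in the CSV file this message show the place of the file
+print("data saved in csv format under "+"'"+os.path.realpath("data_save.csv")+"'")
+else:
+print("data don't exist to create CSV file")
+#********************************************************************************************************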
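Review bot: The markers `m_deb` and `m_fin` are built from `datetime.now()` taken after `subprocess.check_output` has already returned, so they match sqlmap's log lines only when those lines were printed in that same second; otherwise `res.find(m_deb)` returns -1, the slice comes out empty and no CSV is written. Matching the message text behind a timestamp pattern, rather than the current time, removes that dependency. Two further points in the same script: `T=len(deb)-temp1+1` is right only when SELECT sits at offset 0 (the intended offset is `temp1+len(deb)`), and the values handed to `csv.DictWriter` come from the remote database, so a cell starting with `=`, `+`, `-` or `@` should be neutralised before the file is opened in a spreadsheet, and a row whose field count differs from the column list currently raises IndexError or is silently truncated. The fence sketches the marker search and the row handling; its indentation is what the script presumably has, since the page has lost it.

```python
res = res.decode('utf-8')
# … unchanged: print(res) …
# match the log lines by their text; the timestamp is whatever sqlmap printed
horodatage = r"\[\d{2}:\d{2}:\d{2}\] \[INFO\] "
m_deb = re.search(horodatage + r"fetching SQL SELECT statement query output:", res)
m_fin = re.search(horodatage + r"fetched data logged to text files under", res)
message = res[m_deb.start():m_fin.start()].strip() if m_deb and m_fin else ""
# … unchanged: splitlines and the "[*]" loop header …
        v_temp = (ligne[4:].strip()).split(',')
        if len(v_temp) != len(temp_res):
            continue  # field count does not match the column list
        # values come from the remote database; stop a spreadsheet from evaluating them
        v_temp = ["'" + v if v.lstrip().startswith(('=', '+', '-', '@')) else v for v in v_temp]
        donnees_sauvegarder.append(dict(zip(temp_res, v_temp)))
# … unchanged: CSV writing …
```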