sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

removed deprecated metasploit module

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-14 19:27:31 +01:00
parent 05331d1eb0
commit 4940610f38
2 changed files with 0 additions and 183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
extra/msfauxmod/README.txt
View File

@ -1,78 +0,0 @@
To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
the example below.
Note that if you are willing to run Metasploit's sqlmap auxiliary module on
through WMAP framework you first need to install sqlmap on your system or
add its file system path to the PATH environment variable.
$ ./msfconsole
_ _ _ _
| | | | (_) |
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
| |
|_|
=[ msf v3.2-testing
+ -- --=[ 308 exploits - 173 payloads
+ -- --=[ 20 encoders - 6 nops
=[ 75 aux
msf > use auxiliary/scanner/http/wmap_sqlmap
msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
RHOSTS => 192.168.1.121
msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
PATH => /sqlmap/mysql/get_int.php
msf auxiliary(wmap_sqlmap) > set QUERY id=1
QUERY => id=1
msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
OPTS => --dbs --current-user
msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
msf auxiliary(wmap_sqlmap) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
BATCH true yes Never ask for user input, use the default behaviour
BODY no The data string to be sent through POST
METHOD GET yes HTTP Method
OPTS --dbs --current-user no The sqlmap options to use
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
Proxies no Use a proxy chain
QUERY id=1 no HTTP GET query
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
RPORT 80 yes The target port
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
SSL false no Use SSL
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
msf auxiliary(wmap_sqlmap) > run
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
SQLMAP:
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
SQLMAP:
SQLMAP: [*] starting at: 16:23:19
SQLMAP:
SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
SQLMAP: back-end DBMS: MySQL >= 5.0.0
SQLMAP:
SQLMAP: current user: 'testuser@localhost'
SQLMAP:
SQLMAP: available databases [3]:
SQLMAP: [*] information_schema
SQLMAP: [*] mysql
SQLMAP: [*] test
SQLMAP:
SQLMAP:
SQLMAP: [*] shutting down at: 16:23:21
SQLMAP:
[*] Auxiliary module execution completed
msf auxiliary(wmap_sqlmap) >

105
extra/msfauxmod/sqlmap.rb
View File

@ -1,105 +0,0 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WMAPScanUniqueQuery
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'SQLMAP SQL Injection External Module',
'Description' => %q{
This module launch a sqlmap session.
sqlmap is an automatic SQL injection tool developed in Python.
Its goal is to detect and take advantage of SQL injection
vulnerabilities on web applications. Once it detects one
or more SQL injections on the target host, the user can
choose among a variety of options to perform an extensive
back-end database management system fingerprint, retrieve
DBMS session user and database, enumerate users, password
hashes, privileges, databases, dump entire or user
specific DBMS tables/columns, run his own SQL SELECT
statement, read specific files on the file system and much
more.
},
'Author' => [ 'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' ],
'License' => BSD_LICENSE,
'Version' => '$Revision: 9212 $',
'References' =>
[
['URL', 'http://www.sqlmap.org'],
]
))
register_options(
[
OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]),
OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]),
OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]),
OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", true ])
], self.class)
end
# Modify to true if you have sqlmap installed.
def wmap_enabled
false
end
# Test a single host
def run_host(ip)
sqlmap = datastore['SQLMAP_PATH']
if not sqlmap
print_error("The sqlmap script could not be found")
return
end
data = datastore['DATA']
method = datastore['METHOD'].upcase
sqlmap_url = (datastore['SSL'] ? "https" : "http")
sqlmap_url += "://" + wmap_target_host + ":" + wmap_target_port
sqlmap_url += "/" + datastore['PATH']
if method == "GET"
sqlmap_url += '?' + datastore['QUERY']
end
cmd = sqlmap + ' -u \'' + sqlmap_url + '\''
cmd += ' --method ' + method
cmd += ' ' + datastore['OPTS']
if not data.empty?
cmd += ' --data \'' + data + '\''
end
if datastore['BATCH'] == true
cmd += ' --batch'
end
print_status("exec: #{cmd}")
IO.popen( cmd ) do |io|
io.each_line do |line|
print_line("SQLMAP: " + line.strip)
end
end
end
end