add --detect-all option to use sqlmap for detect all sqli in targets

This commit is contained in:
ampotos 2013-08-13 14:47:49 +02:00
parent 4929cff0c0
commit b602ef0a73
4 changed files with 29 additions and 6 deletions


@ -72,11 +72,12 @@ from lib.request.templates import getPageTemplate
from lib.techniques.union.test import unionTest
from lib.techniques.union.use import configUnion
def checkSqlInjection(place, parameter, value):
def checkSqlInjection(place, parameter, value, targetUrl):
# Store here the details about boundaries and payload used to
# successfully inject
injection = InjectionDict()
injection.target = targetUrl
# Localized thread data needed for some methods
threadData = getCurrentThreadData()
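Review bot: The new `targetUrl` argument on `checkSqlInjection` is a required positional parameter, so any caller that is not updated in this commit fails with a TypeError at call time rather than degrading gracefully. Declaring it as `def checkSqlInjection(place, parameter, value, targetUrl=None):` keeps the old call shape working and matches the `None` default that `InjectionDict.target` is given in this same commit. A short comment on the assignment, `# remembered so the report can name the target when several are tested`, would explain why the injection carries its own URL. The body of checkSqlInjection continues past the end of this hunk.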


@ -124,7 +124,15 @@ def _selectInjection():
kb.injection = kb.injections[index]
def _formatInjection(inj):
data = "Place: %s\n" % inj.place
if conf.detectAll:
data = 'Url: ' + inj.target + '\n'
else:
data = ""
if conf.detectAll:
data += " "
data += "Place: %s\n" % inj.place
if conf.detectAll:
data += " "
data += "Parameter: %s\n" % inj.parameter
for stype, sdata in inj.data.items():
@ -142,9 +150,17 @@ def _formatInjection(inj):
title = title.replace("columns", "column")
elif comment:
vector = "%s%s" % (vector, comment)
if conf.detectAll:
data += " "
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
if conf.detectAll:
data += " "
data += " Title: %s\n" % title
if conf.detectAll:
data += " "
data += " Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place == PLACE.POST and kb.postSpaceToPlus))
if conf.detectAll:
data += " "
data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
return data
@ -289,7 +305,7 @@ def start():
testSqlInj &= conf.hostname not in kb.vulnHosts
if not testSqlInj:
if not conf.detectAll and not testSqlInj:
infoMsg = "skipping '%s'" % targetUrl
logger.info(infoMsg)
continue
@ -424,7 +440,7 @@ def start():
testSqlInj = True
paramKey = (conf.hostname, conf.path, place, parameter)
if paramKey in kb.testedParams:
if paramKey in kb.testedParams and not conf.detectAll:
testSqlInj = False
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
@ -478,7 +494,7 @@ def start():
infoMsg += "parameter '%s'" % parameter
logger.info(infoMsg)
injection = checkSqlInjection(place, parameter, value)
injection = checkSqlInjection(place, parameter, value, targetUrl)
proceed = not kb.endDetection
if injection is not None and injection.place is not None:
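Review bot: `data = 'Url: ' + inj.target + '\n'` in `_formatInjection` raises TypeError whenever `inj.target` is `None`, which is the default this commit gives the attribute in `InjectionDict`; an injection record built by any path other than the patched `checkSqlInjection` call (presumably restored session data) would abort the whole report under `--detect-all`. Formatting it as `data = "Url: %s\n" % inj.target` reports `None` instead of crashing and keeps the line consistent with the `%`-style used for the other fields. The six repeated `if conf.detectAll: data += " "` blocks would read better as one prefix computed once at the top of the function and prepended to each line, which also makes the indent width a single place to change. `_formatInjection` and `start` both extend beyond the hunk boundaries shown here.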


@ -93,6 +93,7 @@ class InjectionDict(AttribDict):
self.prefix = None
self.suffix = None
self.clause = None
self.target = None
# data is a dict with various stype, each which is a dict with
# all the information specific for that stype
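Review bot: The new `self.target = None` attribute is the only field in this initializer block without a comment, while the neighbouring `data` attribute is documented. A one-line `# URL of the target this injection was found on (None until set by the detection code)` tells readers why an injection record carries a URL at all. The enclosing `__init__` starts before this hunk.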


@ -44,7 +44,7 @@ def cmdLineParser():
parser.add_option("-v", dest="verbose", type="int",
help="Verbosity level: 0-6 (default %d)" % defaults.verbose)
# Target options
target = OptionGroup(parser, "Target", "At least one of these "
"options has to be provided to set the target(s)")
@ -287,6 +287,11 @@ def cmdLineParser():
action="store_true",
help="Compare pages based only on their titles")
detection.add_option("--detect-all", dest="detectAll",
action="store_true",
help="Test all targets and all parameters even if a SQL injection was discovered")
# Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can be "
"used to tweak testing of specific SQL "