pass a pickled options object to sqlmap engine when called from API

Bernardo Damele 2013-01-09 12:34:45 +00:00
parent 8457cff278
commit c44a829b9b
3 changed files with 15 additions and 6 deletions


@ -51,6 +51,7 @@ from lib.core.common import singleTimeWarnMessage
from lib.core.common import UnicodeRawConfigParser from lib.core.common import UnicodeRawConfigParser
from lib.core.common import urldecode from lib.core.common import urldecode
from lib.core.common import urlencode from lib.core.common import urlencode
from lib.core.convert import base64unpickle
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -1766,6 +1767,9 @@ def _mergeOptions(inputOptions, overrideOptions):
@type inputOptions: C{instance} @type inputOptions: C{instance}
""" """
if inputOptions.pickledOptions:
inputOptions = base64unpickle(inputOptions.pickledOptions)
if inputOptions.configFile: if inputOptions.configFile:
configFileParser(inputOptions.configFile) configFileParser(inputOptions.configFile)
@ -2051,9 +2055,9 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
if not inputOptions.disableColoring: if not inputOptions.disableColoring:
coloramainit() coloramainit()
else: elif hasattr(LOGGER_HANDLER, "disable_coloring"):
if hasattr(LOGGER_HANDLER, "disable_coloring"): LOGGER_HANDLER.disable_coloring = True
LOGGER_HANDLER.disable_coloring = True
_setConfAttributes() _setConfAttributes()
_setKnowledgeBaseAttributes() _setKnowledgeBaseAttributes()
_mergeOptions(inputOptions, overrideOptions) _mergeOptions(inputOptions, overrideOptions)
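Review bot: In `_mergeOptions`, `base64unpickle(inputOptions.pickledOptions)` deserializes a pickle supplied through the hidden `--pickle` option that this commit adds in `cmdLineParser`, and loading a pickle can execute code chosen by whoever produced the payload. The option set is plain data, so a data-only encoding such as JSON would carry it without that property; if pickle stays, a comment above the call such as `# pickledOptions must only come from the local API server: unpickling executes code from the payload` makes the trust assumption explicit. Separately, `init()` reads `inputOptions.disableColoring` before `_mergeOptions` rebinds its local `inputOptions`, so a coloring setting carried inside the pickled object appears to be ignored. `_mergeOptions` continues past the end of the hunk.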


@ -664,6 +664,8 @@ def cmdLineParser():
help="Simple wizard interface for beginner users") help="Simple wizard interface for beginner users")
# Hidden and/or experimental options # Hidden and/or experimental options
parser.add_option("--pickle", dest="pickledOptions", help=SUPPRESS_HELP)
parser.add_option("--profile", dest="profile", action="store_true", parser.add_option("--profile", dest="profile", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
@ -757,7 +759,7 @@ def cmdLineParser():
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \ args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
args.purgeOutput)): args.purgeOutput, args.pickledOptions)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), " errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
errMsg += "use -h for basic or -hh for advanced help" errMsg += "use -h for basic or -hh for advanced help"
parser.error(errMsg) parser.error(errMsg)


@ -18,6 +18,7 @@ from subprocess import Popen
from lib.controller.controller import start from lib.controller.controller import start
from lib.core.common import unArrayizeValue from lib.core.common import unArrayizeValue
from lib.core.convert import base64pickle
from lib.core.convert import hexencode from lib.core.convert import hexencode
from lib.core.convert import stdoutencode from lib.core.convert import stdoutencode
from lib.core.data import paths from lib.core.data import paths
@ -48,6 +49,7 @@ RESTAPI_SERVER_PORT = 8775
# Local global variables # Local global variables
adminid = "" adminid = ""
procs = dict()
tasks = AttribDict() tasks = AttribDict()
# Generic functions # Generic functions
@ -251,6 +253,7 @@ def scan_start(taskid):
Launch a scan Launch a scan
""" """
global tasks global tasks
global procs
if taskid not in tasks: if taskid not in tasks:
abort(500, "Invalid task ID") abort(500, "Invalid task ID")
@ -266,8 +269,8 @@ def scan_start(taskid):
# Launch sqlmap engine in a separate thread # Launch sqlmap engine in a separate thread
logger.debug("starting a scan for task ID %s" % taskid) logger.debug("starting a scan for task ID %s" % taskid)
proc = Popen("python sqlmap.py -c %s" % config_file, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) procs[taskid] = Popen("python sqlmap.py --pickle %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
stdout, stderr = proc.communicate() stdout, stderr = procs[taskid].communicate()
return jsonize({"success": True}) return jsonize({"success": True})
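Review bot: The `Popen` call in `scan_start` still builds a shell command string with `shell=True`, now interpolating the output of `base64pickle(tasks[taskid])`; passing an argument list removes the shell and any dependence on the encoder's alphabet: `procs[taskid] = Popen(["python", "sqlmap.py", "--pickle", base64pickle(tasks[taskid])], stdin=PIPE, stdout=PIPE, stderr=PIPE)`. The whole option set also lands on the command line, where it is visible in the process list to other local users and bounded by the OS argument-length limit; if task options can hold credentials, handing the blob over stdin or a private temporary file would be safer. `procs[taskid].communicate()` blocks until the scan exits, so the handler does not return while the scan runs despite the "separate thread" comment, and `stdout`/`stderr` are unused in the visible lines. The body of `scan_start` starts outside these hunks.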