sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-11 19:21:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Remove demo.py, add POST data support with --method POST, update examples with OWASP Juice Shop endpoints

Browse Source 
Co-authored-by: GilbertKrantz <90319182+GilbertKrantz@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-01-05 18:33:35 +00:00
parent 19e8e6453d
commit cae2ca7da9
4 changed files with 65 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
EXAMPLES.md
View File

@ -13,14 +13,14 @@ pip install -r requirements.txt
Test a single URL with minimal risk:
```bash
python sqlmapcli.py -u "http://example.com/page?id=1"
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
```
### 2. Comprehensive Scan
Test all combinations of risk (1-3) and levels (1-5) automatically:
```bash
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
```
This runs **15 tests total** (5 levels × 3 risks) and provides a complete vulnerability assessment.
@ -30,10 +30,10 @@ Run a specific test configuration:
```bash
# Medium level, medium risk
python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2
# High level, high risk
python sqlmapcli.py -u "http://example.com/page?id=1" --level 5 --risk 3
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 5 --risk 3
```
### 4. Interactive Mode
@ -53,9 +53,26 @@ Limit the comprehensive scan to specific max values:
```bash
# Test only up to level 3 and risk 2
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive --max-level 3 --max-risk 2
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive --max-level 3 --max-risk 2
```
## Real-World Testing Example
**Using OWASP Juice Shop Demo** (a legitimate vulnerable application for security testing):
```bash
# Quick scan on OWASP Juice Shop REST API with GET parameter
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 2 --risk 2
# Test login endpoint with POST data (JSON)
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"password123"}' --level 2 --risk 2
# Comprehensive scan on login endpoint
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"password123"}' --comprehensive
```
This is a real, legitimate target designed for security testing and learning.
## Understanding Levels and Risks
### Levels (1-5)
@ -128,12 +145,16 @@ python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive --max-leve
3. **Adjust timeout if needed**: Some tests may take longer on slow networks
4. **Legal use only**: Only test targets you have explicit permission to test
## Demo
## Testing Resources
To see a demonstration of the UI without running actual tests:
**⚠️ IMPORTANT**: Only test websites you own or have explicit written permission to test.
```bash
python demo.py
```
For learning and practice, you can use legitimate SQL injection testing websites designed for security education:
This shows example output with simulated results.
- **DVWA** (Damn Vulnerable Web Application) - Set up locally
- **WebGoat** - OWASP's deliberately insecure application
- **bWAPP** - Buggy Web Application for practicing
- **OWASP Juice Shop** - Modern vulnerable web application
- **Local test environments** - Set up your own vulnerable applications
Always ensure you have permission before testing any website. Unauthorized testing is illegal.

6
README.md
View File

@ -40,17 +40,17 @@ pip install -r requirements.txt
**Quick scan** (default settings):
```bash
python sqlmapcli.py -u "http://example.com/page?id=1"
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
```
**Comprehensive scan** (tests all risk and level combinations):
```bash
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
```
**Custom level and risk**:
```bash
python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2
```
**Interactive mode**:

142
demo.py
View File

@ -1,142 +0,0 @@
#!/usr/bin/env python3
"""
Demo script to showcase the SQLMapCLI interface
"""
from rich.console import Console
from rich.panel import Panel
from rich.table import Table
from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn, TimeElapsedColumn
from rich import box
import time
console = Console()
def demo_banner():
"""Display the banner"""
banner = """
CLI - Automated SQL Injection Testing
"""
console.print(banner, style="bold cyan")
console.print(
Panel(
"[yellow]⚠️ Legal Disclaimer: Only use on targets you have permission to test[/yellow]",
border_style="yellow",
box=box.ROUNDED
)
)
console.print()
def demo_comprehensive_scan():
"""Demo comprehensive scan with results"""
console.print(
Panel(
"[cyan]Running comprehensive scan on:[/cyan]\n[yellow]http://testphp.vulnweb.com/artists.php?artist=1[/yellow]",
border_style="cyan",
box=box.ROUNDED
)
)
console.print()
# Simulate scanning
results_table = Table(title="Scan Results", box=box.ROUNDED)
results_table.add_column("Level", style="cyan", justify="center")
results_table.add_column("Risk", style="yellow", justify="center")
results_table.add_column("Status", justify="center")
results_table.add_column("Findings", style="magenta")
with Progress(
SpinnerColumn(),
TextColumn("[progress.description]{task.description}"),
BarColumn(),
TextColumn("[progress.percentage]{task.percentage:>3.0f}%"),
TimeElapsedColumn(),
console=console
) as progress:
task = progress.add_task("[cyan]Scanning...", total=6)
for level in range(1, 3):
for risk in range(1, 4):
progress.update(
task,
description=f"[cyan]Testing Level {level}, Risk {risk}..."
)
time.sleep(0.5) # Simulate work
findings = "No vulnerabilities" if (level == 1 and risk == 1) else "2 found!" if level == 2 and risk == 3 else "No vulnerabilities"
findings_style = "green" if findings == "No vulnerabilities" else "bold red"
results_table.add_row(
str(level),
str(risk),
"[green]✓[/green]",
f"[{findings_style}]{findings}[/{findings_style}]"
)
progress.update(task, advance=1)
console.print()
console.print(results_table)
console.print()
def demo_summary():
"""Demo result summary"""
summary_text = """
[cyan]Target:[/cyan] http://testphp.vulnweb.com/artists.php?artist=1
[cyan]Total Tests:[/cyan] 6
[cyan]Duration:[/cyan] 45.32 seconds
[cyan]Vulnerabilities Found:[/cyan] 2
"""
console.print(
Panel(
summary_text.strip(),
title="[bold]Scan Summary[/bold]",
border_style="red",
box=box.DOUBLE
)
)
console.print()
# Display vulnerabilities
vuln_table = Table(title="⚠️ Vulnerabilities Detected", box=box.HEAVY)
vuln_table.add_column("Parameter", style="cyan")
vuln_table.add_column("Type", style="yellow")
vuln_table.add_column("Title", style="red")
vuln_table.add_row(
"artist",
"boolean-based blind",
"AND boolean-based blind - WHERE or HAVING clause"
)
vuln_table.add_row(
"artist",
"time-based blind",
"MySQL >= 5.0.12 AND time-based blind (query SLEEP)"
)
console.print(vuln_table)
console.print()
console.print(
"[bold red]⚠️ SQL injection vulnerabilities detected! Take immediate action.[/bold red]"
)
console.print()
if __name__ == "__main__":
demo_banner()
time.sleep(1)
demo_comprehensive_scan()
time.sleep(1)
demo_summary()

43
sqlmapcli.py
View File

@ -80,7 +80,7 @@ class SQLMapCLI:
self.console.print()
def run_sqlmap_test(self, url: str, level: int, risk: int, technique: str = "BEUSTQ",
batch: bool = True, extra_args: List[str] = None) -> Tuple[bool, str]:
batch: bool = True, data: str = None, extra_args: List[str] = None) -> Tuple[bool, str]:
"""Run sqlmap with specified parameters"""
cmd = [
sys.executable,
@ -95,6 +95,9 @@ class SQLMapCLI:
if batch:
cmd.append("--batch")
if data:
cmd.extend(["--data", data, "--method", "POST"])
if extra_args:
cmd.extend(extra_args)
@ -150,7 +153,7 @@ class SQLMapCLI:
}
def comprehensive_scan(self, url: str, max_level: int = 5, max_risk: int = 3,
techniques: str = "BEUSTQ"):
techniques: str = "BEUSTQ", data: str = None):
"""Run comprehensive scan with all levels and risks"""
self.results['target'] = url
self.results['start_time'] = datetime.now()
@ -188,7 +191,7 @@ class SQLMapCLI:
description=f"[cyan]Testing Level {level}, Risk {risk}..."
)
success, output = self.run_sqlmap_test(url, level, risk, techniques)
success, output = self.run_sqlmap_test(url, level, risk, techniques, data=data)
parsed = self.parse_results(output)
status = "" if success else ""
@ -217,14 +220,18 @@ class SQLMapCLI:
self.console.print(results_table)
self.display_summary()
def quick_scan(self, url: str, level: int = 1, risk: int = 1):
def quick_scan(self, url: str, level: int = 1, risk: int = 1, data: str = None):
"""Run a quick scan with default settings"""
self.results['target'] = url
self.results['start_time'] = datetime.now()
scan_info = f"[cyan]Running quick scan on:[/cyan]\n[yellow]{url}[/yellow]\n[dim]Level: {level}, Risk: {risk}[/dim]"
if data:
scan_info += f"\n[dim]POST Data: {data}[/dim]"
self.console.print(
Panel(
f"[cyan]Running quick scan on:[/cyan]\n[yellow]{url}[/yellow]\n[dim]Level: {level}, Risk: {risk}[/dim]",
scan_info,
border_style="cyan",
box=box.ROUNDED
)
@ -238,7 +245,7 @@ class SQLMapCLI:
) as progress:
task = progress.add_task("[cyan]Scanning for vulnerabilities...", total=None)
success, output = self.run_sqlmap_test(url, level, risk)
success, output = self.run_sqlmap_test(url, level, risk, data=data)
progress.update(task, completed=True)
parsed = self.parse_results(output)
@ -334,14 +341,17 @@ def main():
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog="""
Examples:
# Quick scan with default settings
python sqlmapcli.py -u "http://example.com/page?id=1"
# Quick scan with default settings (GET parameter)
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
# Test with POST data (JSON)
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"pass123"}'
# Comprehensive scan (all risk and level combinations)
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
# Custom level and risk
python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2
# Custom level and risk with POST data
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"pass123"}' --level 3 --risk 2
# Interactive mode
python sqlmapcli.py --interactive
@ -398,6 +408,12 @@ Examples:
help='SQL injection techniques to use (default: BEUSTQ)'
)
parser.add_argument(
'--data',
type=str,
help='Data string to be sent through POST (e.g., "username=test&password=test")'
)
parser.add_argument(
'-i', '--interactive',
action='store_true',
@ -435,10 +451,11 @@ Examples:
args.url,
max_level=args.max_level,
max_risk=args.max_risk,
techniques=args.technique
techniques=args.technique,
data=args.data
)
else:
cli.quick_scan(args.url, level=args.level, risk=args.risk)
cli.quick_scan(args.url, level=args.level, risk=args.risk, data=args.data)
if __name__ == "__main__":