From cae2ca7da94e31f9e815c41d254a5bbe20cd5acb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 5 Jan 2026 18:33:35 +0000 Subject: [PATCH] Remove demo.py, add POST data support with --method POST, update examples with OWASP Juice Shop endpoints Co-authored-by: GilbertKrantz <90319182+GilbertKrantz@users.noreply.github.com> --- EXAMPLES.md | 43 ++++++++++++---- README.md | 6 +-- demo.py | 142 --------------------------------------------------- sqlmapcli.py | 43 +++++++++++----- 4 files changed, 65 insertions(+), 169 deletions(-) delete mode 100755 demo.py diff --git a/EXAMPLES.md b/EXAMPLES.md index dfbc6136e..9ca4d38e0 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -13,14 +13,14 @@ pip install -r requirements.txt Test a single URL with minimal risk: ```bash -python sqlmapcli.py -u "http://example.com/page?id=1" +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" ``` ### 2. Comprehensive Scan Test all combinations of risk (1-3) and levels (1-5) automatically: ```bash -python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive ``` This runs **15 tests total** (5 levels × 3 risks) and provides a complete vulnerability assessment. @@ -30,10 +30,10 @@ Run a specific test configuration: ```bash # Medium level, medium risk -python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2 +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2 # High level, high risk -python sqlmapcli.py -u "http://example.com/page?id=1" --level 5 --risk 3 +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 5 --risk 3 ``` ### 4. Interactive Mode 
@@ -53,9 +53,26 @@ Limit the comprehensive scan to specific max values: ```bash # Test only up to level 3 and risk 2 -python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive --max-level 3 --max-risk 2 +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive --max-level 3 --max-risk 2 ``` +## Real-World Testing Example + +**Using OWASP Juice Shop Demo** (a legitimate vulnerable application for security testing): + +```bash +# Quick scan on OWASP Juice Shop REST API with GET parameter +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 2 --risk 2 + +# Test login endpoint with POST data (JSON) +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"password123"}' --level 2 --risk 2 + +# Comprehensive scan on login endpoint +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"password123"}' --comprehensive +``` + +This is a real, legitimate target designed for security testing and learning. + ## Understanding Levels and Risks ### Levels (1-5) 
@@ -128,12 +145,16 @@ python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive --max-leve 3. **Adjust timeout if needed**: Some tests may take longer on slow networks 4. **Legal use only**: Only test targets you have explicit permission to test -## Demo +## Testing Resources -To see a demonstration of the UI without running actual tests: +**⚠️ IMPORTANT**: Only test websites you own or have explicit written permission to test. -```bash -python demo.py -``` +For learning and practice, you can use legitimate SQL injection testing websites designed for security education: -This shows example output with simulated results. +- **DVWA** (Damn Vulnerable Web Application) - Set up locally +- **WebGoat** - OWASP's deliberately insecure application +- **bWAPP** - Buggy Web Application for practicing +- **OWASP Juice Shop** - Modern vulnerable web application +- **Local test environments** - Set up your own vulnerable applications + +Always ensure you have permission before testing any website. Unauthorized testing is illegal. diff --git a/README.md b/README.md index 172c4df25..131f8728f 100644 --- a/README.md +++ b/README.md @@ -40,17 +40,17 @@ pip install -r requirements.txt **Quick scan** (default settings): ```bash -python sqlmapcli.py -u "http://example.com/page?id=1" +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" ``` **Comprehensive scan** (tests all risk and level combinations): ```bash -python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive ``` **Custom level and risk**: ```bash -python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2 +python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2 ``` **Interactive mode**: diff --git a/demo.py b/demo.py deleted file mode 100755 index 3b9a0eb7d..000000000 --- a/demo.py +++ /dev/null 
@@ -1,142 +0,0 @@ -#!/usr/bin/env python3 -""" -Demo script to showcase the SQLMapCLI interface -""" - -from rich.console import Console -from rich.panel import Panel -from rich.table import Table -from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn, TimeElapsedColumn -from rich import box -import time - -console = Console() - -def demo_banner(): - """Display the banner""" - banner = """ -╔═══════════════════════════════════════════════════════════════╗ -║ ║ -║ ███████╗ ██████╗ ██╗ ███╗ ███╗ █████╗ ██████╗ ║ -║ ██╔════╝██╔═══██╗██║ ████╗ ████║██╔══██╗██╔══██╗ ║ -║ ███████╗██║ ██║██║ ██╔████╔██║███████║██████╔╝ ║ -║ ╚════██║██║▄▄ ██║██║ ██║╚██╔╝██║██╔══██║██╔═══╝ ║ -║ ███████║╚██████╔╝███████╗██║ ╚═╝ ██║██║ ██║██║ ║ -║ ╚══════╝ ╚══▀▀═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ║ -║ ║ -║ CLI - Automated SQL Injection Testing ║ -║ ║ -╚═══════════════════════════════════════════════════════════════╝ - """ - console.print(banner, style="bold cyan") - console.print( - Panel( - "[yellow]⚠️ Legal Disclaimer: Only use on targets you have permission to test[/yellow]", - border_style="yellow", - box=box.ROUNDED - ) - ) - console.print() - -def demo_comprehensive_scan(): - """Demo comprehensive scan with results""" - console.print( - Panel( - "[cyan]Running comprehensive scan on:[/cyan]\n[yellow]http://testphp.vulnweb.com/artists.php?artist=1[/yellow]", - border_style="cyan", - box=box.ROUNDED - ) - ) - console.print() - - # Simulate scanning - results_table = Table(title="Scan Results", box=box.ROUNDED) - results_table.add_column("Level", style="cyan", justify="center") - results_table.add_column("Risk", style="yellow", justify="center") - results_table.add_column("Status", justify="center") - results_table.add_column("Findings", style="magenta") - - with Progress( - SpinnerColumn(), - TextColumn("[progress.description]{task.description}"), - BarColumn(), - TextColumn("[progress.percentage]{task.percentage:>3.0f}%"), - TimeElapsedColumn(), - console=console - ) as 
progress: - - task = progress.add_task("[cyan]Scanning...", total=6) - - for level in range(1, 3): - for risk in range(1, 4): - progress.update( - task, - description=f"[cyan]Testing Level {level}, Risk {risk}..." - ) - time.sleep(0.5) # Simulate work - - findings = "No vulnerabilities" if (level == 1 and risk == 1) else "2 found!" if level == 2 and risk == 3 else "No vulnerabilities" - findings_style = "green" if findings == "No vulnerabilities" else "bold red" - - results_table.add_row( - str(level), - str(risk), - "[green]✓[/green]", - f"[{findings_style}]{findings}[/{findings_style}]" - ) - - progress.update(task, advance=1) - - console.print() - console.print(results_table) - console.print() - -def demo_summary(): - """Demo result summary""" - summary_text = """ -[cyan]Target:[/cyan] http://testphp.vulnweb.com/artists.php?artist=1 -[cyan]Total Tests:[/cyan] 6 -[cyan]Duration:[/cyan] 45.32 seconds -[cyan]Vulnerabilities Found:[/cyan] 2 - """ - - console.print( - Panel( - summary_text.strip(), - title="[bold]Scan Summary[/bold]", - border_style="red", - box=box.DOUBLE - ) - ) - console.print() - - # Display vulnerabilities - vuln_table = Table(title="⚠️ Vulnerabilities Detected", box=box.HEAVY) - vuln_table.add_column("Parameter", style="cyan") - vuln_table.add_column("Type", style="yellow") - vuln_table.add_column("Title", style="red") - - vuln_table.add_row( - "artist", - "boolean-based blind", - "AND boolean-based blind - WHERE or HAVING clause" - ) - vuln_table.add_row( - "artist", - "time-based blind", - "MySQL >= 5.0.12 AND time-based blind (query SLEEP)" - ) - - console.print(vuln_table) - console.print() - console.print( - "[bold red]⚠️ SQL injection vulnerabilities detected! Take immediate action.[/bold red]" - ) - console.print() - -if __name__ == "__main__": - demo_banner() - time.sleep(1) - demo_comprehensive_scan() - time.sleep(1) - demo_summary() diff --git a/sqlmapcli.py b/sqlmapcli.py index bc08d094d..331949be6 100755 --- a/sqlmapcli.py 
+++ b/sqlmapcli.py @@ -80,7 +80,7 @@ class SQLMapCLI: self.console.print() def run_sqlmap_test(self, url: str, level: int, risk: int, technique: str = "BEUSTQ", - batch: bool = True, extra_args: List[str] = None) -> Tuple[bool, str]: + batch: bool = True, data: str = None, extra_args: List[str] = None) -> Tuple[bool, str]: """Run sqlmap with specified parameters""" cmd = [ sys.executable, @@ -95,6 +95,9 @@ class SQLMapCLI: if batch: cmd.append("--batch") + if data: + cmd.extend(["--data", data, "--method", "POST"]) + if extra_args: cmd.extend(extra_args) @@ -150,7 +153,7 @@ class SQLMapCLI: } def comprehensive_scan(self, url: str, max_level: int = 5, max_risk: int = 3, - techniques: str = "BEUSTQ"): + techniques: str = "BEUSTQ", data: str = None): """Run comprehensive scan with all levels and risks""" self.results['target'] = url self.results['start_time'] = datetime.now() @@ -188,7 +191,7 @@ class SQLMapCLI: description=f"[cyan]Testing Level {level}, Risk {risk}..." ) - success, output = self.run_sqlmap_test(url, level, risk, techniques) + success, output = self.run_sqlmap_test(url, level, risk, techniques, data=data) parsed = self.parse_results(output) status = "✓" if success else "✗" @@ -217,14 +220,18 @@ class SQLMapCLI: self.console.print(results_table) self.display_summary() - def quick_scan(self, url: str, level: int = 1, risk: int = 1): + def quick_scan(self, url: str, level: int = 1, risk: int = 1, data: str = None): """Run a quick scan with default settings""" self.results['target'] = url self.results['start_time'] = datetime.now() + scan_info = f"[cyan]Running quick scan on:[/cyan]\n[yellow]{url}[/yellow]\n[dim]Level: {level}, Risk: {risk}[/dim]" + if data: + scan_info += f"\n[dim]POST Data: {data}[/dim]" + self.console.print( Panel( - f"[cyan]Running quick scan on:[/cyan]\n[yellow]{url}[/yellow]\n[dim]Level: {level}, Risk: {risk}[/dim]", + scan_info, border_style="cyan", box=box.ROUNDED ) 
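Review bot: In the new `run_sqlmap_test` signature, `data` is inserted ahead of `extra_args`, so any existing caller that passes `extra_args` positionally as the sixth argument would now have its list bound to `data`. Appending the new parameter, ideally keyword-only, keeps the old call shape working: `batch: bool = True, extra_args: List[str] = None, *, data: Optional[str] = None) -> Tuple[bool, str]:` (this assumes `Optional` is imported next to `List` and `Tuple`, which the hunk does not show). The one-line docstring could also say that a non-empty `data` turns the request into a POST. The body of the function continues outside this hunk.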
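Review bot: The added `cmd.extend(["--data", data, "--method", "POST"])` puts the whole request body on the child process's argument list, where other local users can read it from the process table while the scan runs; the examples in this same commit use a body that contains a password. A comment above the branch would record this, e.g. `# NOTE: data ends up on argv (visible in process listings); do not pass production credentials`, and sqlmap's request-file option `-r` is the usual route when the body has to stay off the command line. Separately, sqlmap already switches to POST when `--data` is supplied, so `"--method", "POST"` looks redundant and the line could be `cmd.extend(["--data", data])`. Building the command as a list rather than a shell string is the right shape and should stay.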
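Review bot: In `quick_scan`, `scan_info += f"\n[dim]POST Data: {data}[/dim]"` interpolates the raw body into a Rich markup string, so bracketed text in the body such as `[/x]` or `[bold]` is parsed as markup and can raise a markup error or vanish from the display. Escaping fixes that: add `from rich.markup import escape` and use `scan_info += f"\n[dim]POST Data: {escape(data)}[/dim]"`; the `{url}` on the line above is interpolated the same way. The panel also echoes the body verbatim, which for a login request leaves the password in terminal scrollback and any captured output, so a truncated or redacted form would be safer. `comprehensive_scan` accepts `data` in this commit but, as far as the hunks show, does not display it, so the two scan modes report differently.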
@@ -238,7 +245,7 @@ class SQLMapCLI: ) as progress: task = progress.add_task("[cyan]Scanning for vulnerabilities...", total=None) - success, output = self.run_sqlmap_test(url, level, risk) + success, output = self.run_sqlmap_test(url, level, risk, data=data) progress.update(task, completed=True) parsed = self.parse_results(output) @@ -334,14 +341,17 @@ def main(): formatter_class=argparse.RawDescriptionHelpFormatter, epilog=""" Examples: - # Quick scan with default settings - python sqlmapcli.py -u "http://example.com/page?id=1" + # Quick scan with default settings (GET parameter) + python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" + + # Test with POST data (JSON) + python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"pass123"}' # Comprehensive scan (all risk and level combinations) - python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive + python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive - # Custom level and risk - python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2 + # Custom level and risk with POST data + python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"pass123"}' --level 3 --risk 2 # Interactive mode python sqlmapcli.py --interactive @@ -398,6 +408,12 @@ Examples: help='SQL injection techniques to use (default: BEUSTQ)' ) + parser.add_argument( + '--data', + type=str, + help='Data string to be sent through POST (e.g., "username=test&password=test")' + ) + parser.add_argument( '-i', '--interactive', action='store_true', 
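Review bot: The epilog examples in `main()` now make a third-party host the copy-paste default, including with `--comprehensive`, which per EXAMPLES.md in this commit runs all 15 level/risk combinations up to risk 3. Nothing in the diff shows that the operators of that shared instance accept automated scanning, and every user who copies the help text would send the same load to it. Pointing the examples at a locally run instance avoids both problems, for example (constructed value) `python sqlmapcli.py -u "http://localhost:3000/rest/products/search?q=test"`.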
@@ -435,10 +451,11 @@ Examples: args.url, max_level=args.max_level, max_risk=args.max_risk, - techniques=args.technique + techniques=args.technique, + data=args.data ) else: - cli.quick_scan(args.url, level=args.level, risk=args.risk) + cli.quick_scan(args.url, level=args.level, risk=args.risk, data=args.data) if __name__ == "__main__":